scimgateway 5.0.7 → 5.0.8

package/README.md

@@ -258,8 +258,8 @@ Below shows an example of config\plugin-saphana.json
           ],
           "bearerOAuth": [
             {
-              "client_id": null,
-              "client_secret": null,
+              "clientId": null,
+              "clientSecret": null,
               "readOnly": false,
               "baseEntities": []
             }
@@ -398,7 +398,7 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 
 - **auth.bearerJwt** - Array of one or more standard JWT objects. Using **secret** or **publicKey** for signature verification. publicKey should be set to the filename of public key or certificate pem-file located in `<package-root>\config\certs` or absolute path being used. Clear text secret will become encrypted when gateway is started. **options.issuer** is mandatory. Other options may also be included according to jsonwebtoken npm package definition.
 
-- **auth.bearerOAuth** - Array of one or more Client Credentials OAuth configuration objects. **`client_id`** and **`client_secret`** are mandatory. client_secret value will become encrypted when gateway is started. OAuth token request url is **/oauth/token** e.g. http://localhost:8880/oauth/token
+- **auth.bearerOAuth** - Array of one or more Client Credentials OAuth configuration objects. **`clientId`** and **`clientSecret`** are mandatory. clientSecret value will become encrypted when gateway is started. OAuth token request url is **/oauth/token** e.g. http://localhost:8880/oauth/token
 
 - **auth.passThrough** - Setting **auth.passThrough.enabled=true** will bypass SCIM Gateway authentication. Gateway will instead pass ctx containing authentication header to the plugin. Plugin could then use this information for endpoint authentication and we don't have any password/token stored at the gateway. Note, this also requires plugin binary having `scimgateway.authPassThroughAllowed = true` and endpoint logic for handling/passing ctx.request.header.authorization
 
@@ -462,18 +462,18 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 
 	Configuration notes when using default configuration oauth and tenantIdGUID - Microsoft Exchange Online (ExO):
 
-	- Entra ID application must have application permissions "**Mail.Send**"  
-	- To prevent the sending of emails from any defined mailboxes, an ExO **ApplicationAccessPolicy** must be defined through PowerShell.  
+	- Entra ID application must have application permissions `Mail.Send`  
+	- To prevent the sending of emails from any defined mailboxes, an ExO `ApplicationAccessPolicy` must be defined through PowerShell.  
 	
 		First create a mail-enabled security-group that only includes those users (mailboxes) the application is allowed to send from  
-		Note, "mail enabled security" group cannot be created from portal, only from admin or admin.exchange console
+		Note, `mail enabled security group` cannot be created from portal, only from admin or admin.exchange console
 		  
 			##Connect to Exchange
 			Install-Module -Name ExchangeOnlineManagement
 			Connect-ExchangeOnline
 			 
 			##Create ApplicationAccessPolicy
-			New-ApplicationAccessPolicy -AppId $AppClientID -PolicyScopeGroupId $MailEnabledSecurityGrpId -AccessRight RestrictAccess -Description "Restrict app to specific mailboxes"
+			New-ApplicationAccessPolicy -AppId <AppClientID> -PolicyScopeGroupId <MailEnabledSecurityGrpId> -AccessRight RestrictAccess -Description "Restrict app to specific mailboxes"
 
 - **stream** - See [SCIM Stream](https://elshaug.xyz/docs/scim-stream) for configuration details
 
@@ -1111,6 +1111,15 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log  
 
+### v5.0.8
+
+[Fixed]
+
+- Ensure Bun compatibility with Azure Reverse Proxy for large and long running response
+- HelperRest was not compatible with Node.js
+- plugin-mssql, some error handling should not throw an error
+- Configuration files updated according to the v5 configuration syntax of `scimgateway.auth.bearerOAuth` - `clientId/clientSecret` now replacing deprecated `client_id/client_secret`
+
 ### v5.0.7
 
 [Improved]
@@ -1155,9 +1164,7 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 
 **new configuration:**  
-Using Microsoft Exchange Online and oauth authencation which also is default and recommended by Microsoft    
-For other mail servers and options like SMTP AUTH (basic/oauth), please see configuration description  
-Plugin may also send mail using method scimgateway.sendMail()  
+Using Microsoft Exchange Online and oauth authencation which also is default and recommended by Microsoft. For other mail servers and options like SMTP AUTH (basic/oauth), please see configuration description. Plugin may also send mail using method scimgateway.sendMail()
 
 	{
 	  "scimgateway": {
@@ -1184,18 +1191,18 @@ Plugin may also send mail using method scimgateway.sendMail()
     
 Configuration notes when using oauth and tenantIdGUID - Microsoft Exchange Online (ExO):  
 
-- Entra ID application must have application permissions "**Mail.Send**"  
-- To prevent the sending of emails from any defined mailboxes, an ExO **ApplicationAccessPolicy** must be defined through PowerShell.  
+- Entra ID application must have application permissions `Mail.Send`  
+- To prevent the sending of emails from any defined mailboxes, an ExO `ApplicationAccessPolicy` must be defined through PowerShell.  
 
 	First create a mail-enabled security-group that only includes those users (mailboxes) the application is allowed to send from  
-	Note, "mail enabled security" group cannot be created from portal, only from admin or admin.exchange console
+	Note, `mail enabled security group` cannot be created from portal, only from admin or admin.exchange console
 	  
 		##Connect to Exchange
 		Install-Module -Name ExchangeOnlineManagement
 		Connect-ExchangeOnline
 		 
 		##Create ApplicationAccessPolicy
-		New-ApplicationAccessPolicy -AppId $AppClientID -PolicyScopeGroupId $MailEnabledSecurityGrpId -AccessRight RestrictAccess -Description "Restrict app to specific mailboxes"
+		New-ApplicationAccessPolicy -AppId <AppClientID> -PolicyScopeGroupId <MailEnabledSecurityGrpId> -AccessRight RestrictAccess -Description "Restrict app to specific mailboxes"
 
 
 ### v5.0.5  
@@ -1308,7 +1315,7 @@ Besides going from JavaScript to TypeScript, following can be mentioned:
 
 * Use scimgateway.HelperRest() for REST functionlity, also supports Auth PassThrough
 * scimgateway.endpointMapper() may be used for inbound/outbound attribute mappings
-* In general when using TypeScript, variables should be type defined: `let isDone: boolean = false`, `catch (err: any)`, ...
+* In general when using TypeScript, variables should be type-defined: `let isDone: boolean = false`, `catch (err: any)`, ...
 
 ### v4.5.12
 

package/config/plugin-api.json

@@ -52,8 +52,8 @@
       ],
       "bearerOAuth": [
         {
-          "client_id": null,
-          "client_secret": null,
+          "clientId": null,
+          "clientSecret": null,
           "readOnly": false,
           "baseEntities": []
         }

package/config/plugin-entra-id.json

@@ -52,8 +52,8 @@
       ],
       "bearerOAuth": [
         {
-          "client_id": null,
-          "client_secret": null,
+          "clientId": null,
+          "clientSecret": null,
           "readOnly": false,
           "baseEntities": []
         }

package/config/plugin-ldap.json

@@ -52,8 +52,8 @@
       ],
       "bearerOAuth": [
         {
-          "client_id": null,
-          "client_secret": null,
+          "clientId": null,
+          "clientSecret": null,
           "readOnly": false,
           "baseEntities": []
         }

package/config/plugin-loki.json

@@ -52,8 +52,8 @@
       ],
       "bearerOAuth": [
         {
-          "client_id": null,
-          "client_secret": null,
+          "clientId": null,
+          "clientSecret": null,
           "readOnly": false,
           "baseEntities": []
         }

package/config/plugin-mongodb.json

@@ -58,8 +58,8 @@
       ],
       "bearerOAuth": [
         {
-          "client_id": null,
-          "client_secret": null,
+          "clientId": null,
+          "clientSecret": null,
           "readOnly": false,
           "baseEntities": []
         }

package/config/plugin-mssql.json

@@ -52,8 +52,8 @@
       ],
       "bearerOAuth": [
         {
-          "client_id": null,
-          "client_secret": null,
+          "clientId": null,
+          "clientSecret": null,
           "readOnly": false,
           "baseEntities": []
         }

package/config/plugin-saphana.json

@@ -52,8 +52,8 @@
       ],
       "bearerOAuth": [
         {
-          "client_id": null,
-          "client_secret": null,
+          "clientId": null,
+          "clientSecret": null,
           "readOnly": false,
           "baseEntities": []
         }

package/config/plugin-scim.json

@@ -52,8 +52,8 @@
       ],
       "bearerOAuth": [
         {
-          "client_id": null,
-          "client_secret": null,
+          "clientId": null,
+          "clientSecret": null,
           "readOnly": false,
           "baseEntities": []
         }

package/config/plugin-soap.json

@@ -52,8 +52,8 @@
       ],
       "bearerOAuth": [
         {
-          "client_id": null,
-          "client_secret": null,
+          "clientId": null,
+          "clientSecret": null,
           "readOnly": false,
           "baseEntities": []
         }

package/lib/helper-rest.ts

@@ -4,7 +4,7 @@ import { Buffer } from 'node:buffer'
 import fs from 'node:fs'
 import querystring from 'querystring'
 import * as utils from './utils.ts'
-import ScimGateway from 'scimgateway'
+// import type { ScimGateway } from 'scimgateway' // comment out for supporting Node.js, using type any and no IntelliSense
 
 /**
  * HelperRest includes function doRequest() for doing REST calls
@@ -13,12 +13,12 @@ export class HelperRest {
   private lock = new utils.Lock()
   private _serviceClient: Record<string, any> = {}
   private config_entity: any
-  private scimgateway: ScimGateway
+  private scimgateway: any
   private idleTimeout: number
   private graphUrl = 'https://graph.microsoft.com/beta' // beta instead of 'v1.0' gives all user attributes when no $select
 
-  constructor(scimgateway: ScimGateway, optionalEntities?: Record<string, any>) {
-    if (!(scimgateway instanceof ScimGateway)) throw new Error('HelperRest initialization error: argument scimgateway is not of type ScimGateway')
+  constructor(scimgateway: any, optionalEntities?: Record<string, any>) {
+    if (!scimgateway || !scimgateway.gwName) throw new Error('HelperRest initialization error: argument scimgateway is not of type ScimGateway')
     this.scimgateway = scimgateway
     this.idleTimeout = (scimgateway as any)?.config?.scimgateway.idleTimeout || 120
     this.idleTimeout = this.idleTimeout - 1

package/lib/plugin-mssql.ts

@@ -6,7 +6,7 @@
 // Purpose: SQL user-provisioning
 //
 // Prereq:
-// CREATE TABLE [User] (
+// CREATE TABLE [Users] (
 //     [UserID] VARCHAR(50) NOT NULL,
 //     [Enabled] VARCHAR(50) NULL,
 //     [Password] VARCHAR(50) NULL,
@@ -19,7 +19,7 @@
 //         PRIMARY KEY ([UserID])
 // );
 //
-// CREATE TABLE [Group] (
+// CREATE TABLE [Groups] (
 //     [GroupID] VARCHAR(50) NOT NULL,
 //     [Enabled] VARCHAR(50) NULL,
 //     CONSTRAINT [PK_Group]
@@ -33,11 +33,11 @@
 //         PRIMARY KEY ([GroupID],[UserID]),
 //     CONSTRAINT [FK_U2G_Group]
 //         FOREIGN KEY ([GroupID])
-//         REFERENCES [Group]([GroupID])
+//         REFERENCES [Groups]([GroupID])
 //         ON DELETE CASCADE,
 //     CONSTRAINT [FK_U2G_Users]
 //         FOREIGN KEY ([UserID])
-//         REFERENCES [User]([UserID])
+//         REFERENCES [Users]([UserID])
 //         ON DELETE CASCADE
 // );
 //
@@ -66,7 +66,7 @@ import { Connection, Request } from 'tedious'
 const ScimGateway: typeof import('scimgateway').ScimGateway = await (async () => {
   try {
     return (await import('scimgateway')).ScimGateway
-  } catch (err) {
+  } catch (err: any) {
     const source = './scimgateway.ts'
     return (await import(source)).ScimGateway
   }
@@ -113,17 +113,13 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   if (!sqlQuery) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
 
   try {
-    return await new Promise(async (resolve, reject) => {
+    return await new Promise(async (resolve) => {
       const ret: any = { // itemsPerPage will be set by scimgateway
         Resources: [],
         totalResults: null,
       }
 
-      const users: any[] = await query(sqlQuery, ctx).catch((err: any) => {
-        const e = new Error(`${action} error: ${err.message}`)
-        return reject(e)
-      })
-
+      const users: any[] = await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
       for (const user of users) {
         const scimUser = {
           id: user.UserID.value ? user.UserID.value : undefined,
@@ -155,7 +151,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   scimgateway.logDebug(baseEntity, `handling "${action}" userObj=${JSON.stringify(userObj)}`)
 
   try {
-    return await new Promise(async (resolve, reject) => {
+    return await new Promise(async (resolve) => {
       if (!userObj.name) userObj.name = {}
       if (!userObj.emails) userObj.emails = { work: {} }
       if (!userObj.phoneNumbers) userObj.phoneNumbers = { work: {} }
@@ -174,10 +170,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
       const sqlQuery = `insert into [Users] (UserID, Enabled, Password, FirstName, MiddleName, LastName, Email, MobilePhone)
                 values (${insert.UserID}, ${insert.Enabled}, ${insert.Password}, ${insert.FirstName}, ${insert.MiddleName}, ${insert.LastName}, ${insert.Email}, ${insert.MobilePhone})`
 
-      await query(sqlQuery, ctx).catch((err: any) => {
-        const e = new Error(`${action} error: ${err.message}`)
-        return reject(e)
-      })
+      await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
 
       resolve(null)
     }) // Promise
@@ -194,12 +187,9 @@ scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   scimgateway.logDebug(baseEntity, `handling "${action}" id=${id}`)
 
   try {
-    return await new Promise(async (resolve, reject) => {
+    return await new Promise(async (resolve) => {
       const sqlQuery = `delete from [Users] where UserID = '${id}'`
-      await query(sqlQuery, ctx).catch((err: any) => {
-        const e = new Error(`${action} error: ${err.message}`)
-        return reject(e)
-      })
+      await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
 
       resolve(null)
     }) // Promise
@@ -216,7 +206,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   scimgateway.logDebug(baseEntity, `handling "${action}" id=${id} attrObj=${JSON.stringify(attrObj)}`)
 
   try {
-    return await new Promise(async (resolve, reject) => {
+    return await new Promise(async (resolve) => {
       if (!attrObj.name) attrObj.name = {}
       if (!attrObj.emails) attrObj.emails = { work: {} }
       if (!attrObj.phoneNumbers) attrObj.phoneNumbers = { work: {} }
@@ -252,10 +242,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
       sql = sql.substr(0, sql.length - 1) // remove trailing ","
 
       const sqlQuery = `update [Users] set ${sql} where UserID like '${id}'`
-      await query(sqlQuery, ctx).catch((err: any) => {
-        const e = new Error(`${action} error: ${err.message}`)
-        return reject(e)
-      })
+      await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
 
       resolve(null)
     }) // Promise
@@ -296,16 +283,13 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   if (!sqlQuery) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
 
   try {
-    return await new Promise(async (resolve, reject) => {
+    return await new Promise(async (resolve) => {
       const ret: any = { // itemsPerPage will be set by scimgateway
         Resources: [],
         totalResults: null,
       }
 
-      const groups = await query(sqlQuery, ctx).catch((err: any) => {
-        const e = new Error(`${action} error: ${err.message}`)
-        return reject(e)
-      })
+      const groups: any[] = await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
 
       for (const group of groups) {
         const scimGroup: Record<string, any> = {
@@ -316,7 +300,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
         }
 
         const sqlQuery = `select UserID from [Users2Group] where GroupID = '${scimGroup.id}'`
-        const members = await query(sqlQuery, ctx).catch(e => console.warn(`${e}`))
+        const members = await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
         for (const member of members) {
           const scimMember = {
             value: member.UserID.value,
@@ -343,21 +327,20 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   scimgateway.logDebug(baseEntity, `handling "${action}" groupObj=${JSON.stringify(groupObj)}`)
 
   try {
-    return await new Promise(async (resolve, reject) => {
+    return await new Promise(async (resolve) => {
       const insert = {
         GroupID: `'${groupObj.displayName}'`,
         Enabled: (groupObj.active) ? `'${groupObj.active}'` : '\'false\'',
       }
 
       const sqlQuery = `insert into [Groups] (GroupID, Enabled) values (${insert.GroupID}, ${insert.Enabled})`
-      await query(sqlQuery, ctx).catch(e => console.warn(`${e}`))
-
-      for (const member of groupObj.members) {
-        const sqlQuery = `insert into [Users2Group] (UserID, GroupID) values ('${member.value}', ${insert.GroupID})`
-        await query(sqlQuery, ctx).catch((err: any) => {
-          const e = new Error(`${action} error: ${err.message}`)
-          return reject(e)
-        })
+      await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
+
+      if (Array.isArray(groupObj.members) && groupObj.members) {
+        for (const member of groupObj.members) {
+          const sqlQuery = `insert into [Users2Group] (UserID, GroupID) values ('${member.value}', ${insert.GroupID})`
+          await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
+        }
       }
 
       resolve(null)
@@ -375,12 +358,9 @@ scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   scimgateway.logDebug(baseEntity, `handling "${action}" id=${id}`)
 
   try {
-    return await new Promise(async (resolve, reject) => {
+    return await new Promise(async (resolve) => {
       const sqlQuery = `delete from [Groups] where GroupID = '${id}'`
-      await query(sqlQuery, ctx).catch((err: any) => {
-        const e = new Error(`${action} error: ${err.message}`)
-        return reject(e)
-      })
+      await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
 
       resolve(null)
     }) // Promise
@@ -409,25 +389,22 @@ scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   // This BLINDLY inserts all user/groups and gracefully breaks on PK violation
   // for each existing membership
   if (Array.isArray(attrObj.members) && attrObj.members) {
-    attrObj.members.forEach((member) => {
+    for (const member of attrObj.members) {
       if (member.operation == 'delete') {
         queries.push(`delete from [Users2Group] where GroupID='${id}' and UserID='${member.value}'`)
       } else {
         queries.push(`insert into [Users2Group] (UserID, GroupID) values ('${member.value}','${id}')`)
       }
-    })
+    }
   }
 
   const sqlQuery = queries.join(';')
 
   try {
-    return await new Promise(async (resolve, reject) => {
+    return await new Promise(async (resolve) => {
       if (sqlQuery) {
         scimgateway.logDebug(baseEntity, `sqlQuery: ${sqlQuery}`)
-        await query(sqlQuery, ctx).catch((err: any) => {
-          const e = new Error(`${action} error: ${err.message}`)
-          return reject(e)
-        })
+        await query(sqlQuery, ctx).catch(err => scimgateway.logWarn(baseEntity, `${action} warning: ${err.message}`))
       }
 
       resolve(null)

package/lib/scimgateway.ts

@@ -2367,13 +2367,25 @@ export class ScimGateway {
           if (!ctx.response.body) ctx.response.body = 'NOT_FOUND'
           break
       }
-      const response = new Response(ctx.response.body, { status: ctx.response.status, headers: ctx.response.headers })
-      if (ctx.response.body) {
+      const body = ctx.response.body
+      if (body) {
         try {
-          JSON.parse(ctx.response.body)
-          response.headers.set('content-type', 'application/scim+json; charset=utf-8')
+          JSON.parse(body)
+          ctx.response.headers.set('content-type', 'application/scim+json; charset=utf-8')
         } catch (err) { void 0 }
       }
+      let response: Response
+      if (typeof Bun !== 'undefined') {
+        const stream = new ReadableStream({ // ensure Bun compatibility with Azure Reverse Proxy for large and long running response - header set by Bun: Transfer-Encoding: 'chunked'
+          start(controller) {
+            controller.enqueue(body)
+            controller.close()
+          },
+        })
+        response = new Response(body ? stream : undefined, { status: ctx.response.status, headers: ctx.response.headers })
+      } else {
+        response = new Response(body ? body : undefined, { status: ctx.response.status, headers: ctx.response.headers })
+      }
       logResult(ctx)
       return response
     }
@@ -2698,6 +2710,13 @@ export class ScimGateway {
     this.logger.info(`${this.pluginName}[${baseEntity}] ${msg}`)
   }
 
+  /**
+  * logWarn logs warning message
+  **/
+  logWarn(baseEntity: string | undefined, msg: string) {
+    this.logger.warn(`${this.pluginName}[${baseEntity}] ${msg}`)
+  }
+
   /**
   * logError logs error message
   **/

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scimgateway",
-  "version": "5.0.7",
+  "version": "5.0.8",
   "type": "module",
   "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
   "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",