scimgateway 5.3.1 → 5.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -0
- package/lib/helper-rest.ts +2 -1
- package/lib/logger.ts +9 -7
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1405,6 +1405,19 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
|
|
|
1405
1405
|
|
|
1406
1406
|
## Change log
|
|
1407
1407
|
|
|
1408
|
+
### v5.3.3
|
|
1409
|
+
|
|
1410
|
+
[Fixed]
|
|
1411
|
+
|
|
1412
|
+
- helper-rest, SamlBearer token-request now includes `new_token=true` to avoid retrieving an existing token that is about to expire
|
|
1413
|
+
|
|
1414
|
+
### v5.3.2
|
|
1415
|
+
|
|
1416
|
+
[Improved]
|
|
1417
|
+
|
|
1418
|
+
- helper-rest, retry on request error 504 Gateway Timeout
|
|
1419
|
+
- performance micro-optimization on log mask logic
|
|
1420
|
+
|
|
1408
1421
|
### v5.3.1
|
|
1409
1422
|
|
|
1410
1423
|
[Fixed]
|
package/lib/helper-rest.ts
CHANGED
|
@@ -142,6 +142,7 @@ export class HelperRest {
|
|
|
142
142
|
grant_type: 'urn:ietf:params:oauth:grant-type:saml2-bearer',
|
|
143
143
|
client_id: clientId,
|
|
144
144
|
company_id: companyId,
|
|
145
|
+
new_token: true,
|
|
145
146
|
assertion: await samlAssertion.run(context, cert, key, issuer, lifetime, clientId, nameId, userIdentifierFormat, tokenEndpoint, audience, delay),
|
|
146
147
|
}
|
|
147
148
|
break
|
|
@@ -699,7 +700,7 @@ export class HelperRest {
|
|
|
699
700
|
try { urlObj = new URL(path) } catch (err) { void 0 }
|
|
700
701
|
let isServiceClient = !urlObj && this._serviceClient[baseEntity] && !this.lock.isLocked() // !isLocked to avoid retry ongoing doRequest with failing getAccessToken()
|
|
701
702
|
let oAuthTokeErr = statusCode === 401 && this.config_entity[baseEntity].connection?.auth?.type && this.config_entity[baseEntity].connection.auth.type.startsWith('oauth')
|
|
702
|
-
if (isServiceClient && (err.code === 'ECONNREFUSED' || err.code === 'ENOTFOUND' || err.code === 'ABORT_ERR' || err.code === 'ETIMEDOUT' || oAuthTokeErr || retryAfter)) {
|
|
703
|
+
if (isServiceClient && (err.code === 'ECONNREFUSED' || err.code === 'ENOTFOUND' || err.code === 'ABORT_ERR' || err.code === 'ETIMEDOUT' || statusCode === 504 || oAuthTokeErr || retryAfter)) {
|
|
703
704
|
this.scimgateway.logDebug(baseEntity, `doRequest ${method} ${path} Body = ${JSON.stringify(body)} Error Response = ${err.message}`)
|
|
704
705
|
if (retryAfter) {
|
|
705
706
|
this.scimgateway.logDebug(baseEntity, `doRequest ${method} ${path} throttle/ratelimit error - awaiting ${retryAfter} seconds before automatic retry`)
|
package/lib/logger.ts
CHANGED
|
@@ -176,21 +176,23 @@ export class Logger {
|
|
|
176
176
|
msg = msg.replace(
|
|
177
177
|
this.reJson,
|
|
178
178
|
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
179
|
-
(_, keyValuePair, value) => `${keyValuePair}"
|
|
179
|
+
(_, keyValuePair, value) => `${keyValuePair}"******"`,
|
|
180
180
|
)
|
|
181
181
|
|
|
182
182
|
// Mask JSON path/value secrets (SCIM 2.0 PATCH Operations)
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
183
|
+
if (msg.includes('"path"')) {
|
|
184
|
+
msg = msg.replace(
|
|
185
|
+
this.reJsonPathValue,
|
|
186
|
+
(_, prefix, value, suffix) => `${prefix}******${suffix}`,
|
|
187
|
+
)
|
|
188
|
+
}
|
|
187
189
|
|
|
188
|
-
if (msg.includes('<?xml')) {
|
|
189
190
|
// Mask XML/Soap secrets
|
|
190
191
|
// console.log('XML matches found:', msg.match(this.reXml)
|
|
192
|
+
if (msg.includes('<?xml')) {
|
|
191
193
|
msg = msg.replace(
|
|
192
194
|
this.reXml,
|
|
193
|
-
(_, startTag, tagName, value, endTag) => `${startTag}
|
|
195
|
+
(_, startTag, tagName, value, endTag) => `${startTag}******${endTag}`,
|
|
194
196
|
)
|
|
195
197
|
}
|
|
196
198
|
|
package/package.json
CHANGED