strapi-plugin-oidc 1.0.4 → 1.0.5

package/dist/server/index.mjs

@@ -118,10 +118,22 @@ const contentTypes = {
 };
 function configValidation() {
   const config2 = strapi.config.get("plugin::strapi-plugin-oidc");
-  if (config2["OIDC_CLIENT_ID"] && config2["OIDC_CLIENT_SECRET"] && config2["OIDC_REDIRECT_URI"] && config2["OIDC_SCOPES"] && config2["OIDC_TOKEN_ENDPOINT"] && config2["OIDC_USER_INFO_ENDPOINT"] && config2["OIDC_GRANT_TYPE"] && config2["OIDC_FAMILY_NAME_FIELD"] && config2["OIDC_GIVEN_NAME_FIELD"] && config2["OIDC_AUTHORIZATION_ENDPOINT"]) {
+  const requiredKeys = [
+    "OIDC_CLIENT_ID",
+    "OIDC_CLIENT_SECRET",
+    "OIDC_REDIRECT_URI",
+    "OIDC_SCOPES",
+    "OIDC_TOKEN_ENDPOINT",
+    "OIDC_USER_INFO_ENDPOINT",
+    "OIDC_GRANT_TYPE",
+    "OIDC_FAMILY_NAME_FIELD",
+    "OIDC_GIVEN_NAME_FIELD",
+    "OIDC_AUTHORIZATION_ENDPOINT"
+  ];
+  if (requiredKeys.every((key) => config2[key])) {
     return config2;
   }
-  throw new Error("OIDC_AUTHORIZATION_ENDPOINT,OIDC_TOKEN_ENDPOINT, OIDC_USER_INFO_ENDPOINT,OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_REDIRECT_URI, and OIDC_SCOPES are required");
+  throw new Error(`The following configuration keys are required: ${requiredKeys.join(", ")}`);
 }
 async function oidcSignIn(ctx) {
   let { state } = ctx.query;
@@ -144,6 +156,66 @@ async function oidcSignIn(ctx) {
   ctx.set("Location", authorizationUrl);
   return ctx.send({}, 302);
 }
+async function exchangeTokenAndFetchUserInfo(httpClient, config2, params) {
+  const response = await httpClient.post(config2.OIDC_TOKEN_ENDPOINT, params, {
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    }
+  });
+  let userInfoEndpointHeaders = {};
+  let userInfoEndpointParameters = `?access_token=${response.data.access_token}`;
+  if (config2.OIDC_USER_INFO_ENDPOINT_WITH_AUTH_HEADER) {
+    userInfoEndpointHeaders = {
+      headers: { Authorization: `Bearer ${response.data.access_token}` }
+    };
+    userInfoEndpointParameters = "";
+  }
+  const userInfoEndpoint = `${config2.OIDC_USER_INFO_ENDPOINT}${userInfoEndpointParameters}`;
+  const userResponse = await httpClient.get(userInfoEndpoint, userInfoEndpointHeaders);
+  return userResponse.data;
+}
+async function registerNewUser(userService, oauthService2, roleService2, email, userResponseData, whitelistUser, config2, ctx) {
+  let roles2 = [];
+  if (whitelistUser?.roles?.length > 0) {
+    roles2 = whitelistUser.roles;
+  } else {
+    const oidcRoles = await roleService2.oidcRoles();
+    roles2 = oidcRoles?.roles || [];
+  }
+  const defaultLocale = oauthService2.localeFindByHeader(ctx.request.headers);
+  const activateUser = await oauthService2.createUser(
+    email,
+    userResponseData[config2.OIDC_FAMILY_NAME_FIELD],
+    userResponseData[config2.OIDC_GIVEN_NAME_FIELD],
+    defaultLocale,
+    roles2
+  );
+  await oauthService2.triggerWebHook(activateUser);
+  return activateUser;
+}
+async function handleUserAuthentication(userService, oauthService2, roleService2, whitelistService2, userResponseData, config2, ctx) {
+  const email = userResponseData.email;
+  const whitelistUser = await whitelistService2.checkWhitelistForEmail(email);
+  const dbUser = await userService.findOneByEmail(email);
+  let activateUser;
+  if (dbUser) {
+    activateUser = dbUser;
+  } else {
+    activateUser = await registerNewUser(
+      userService,
+      oauthService2,
+      roleService2,
+      email,
+      userResponseData,
+      whitelistUser,
+      config2,
+      ctx
+    );
+  }
+  const jwtToken = await oauthService2.generateToken(activateUser, ctx);
+  oauthService2.triggerSignInSuccess(activateUser);
+  return { activateUser, jwtToken };
+}
 async function oidcSignInCallback(ctx) {
   const config2 = configValidation();
   const httpClient = axios.create();
@@ -152,77 +224,41 @@ async function oidcSignInCallback(ctx) {
   const roleService2 = strapi.plugin("strapi-plugin-oidc").service("role");
   const whitelistService2 = strapi.plugin("strapi-plugin-oidc").service("whitelist");
   if (!ctx.query.code) {
-    return ctx.send(oauthService2.renderSignUpError(`code Not Found`));
+    return ctx.send(oauthService2.renderSignUpError("code Not Found"));
   }
   if (!ctx.query.state || ctx.query.state !== ctx.session.oidcState) {
-    return ctx.send(oauthService2.renderSignUpError(`Invalid state`));
+    return ctx.send(oauthService2.renderSignUpError("Invalid state"));
   }
   const params = new URLSearchParams();
   params.append("code", ctx.query.code);
-  params.append("client_id", config2["OIDC_CLIENT_ID"]);
-  params.append("client_secret", config2["OIDC_CLIENT_SECRET"]);
-  params.append("redirect_uri", config2["OIDC_REDIRECT_URI"]);
-  params.append("grant_type", config2["OIDC_GRANT_TYPE"]);
+  params.append("client_id", config2.OIDC_CLIENT_ID);
+  params.append("client_secret", config2.OIDC_CLIENT_SECRET);
+  params.append("redirect_uri", config2.OIDC_REDIRECT_URI);
+  params.append("grant_type", config2.OIDC_GRANT_TYPE);
   params.append("code_verifier", ctx.session.codeVerifier);
   try {
-    const response = await httpClient.post(config2["OIDC_TOKEN_ENDPOINT"], params, {
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded"
-      }
-    });
-    let userInfoEndpointHeaders = {};
-    let userInfoEndpointParameters = `?access_token=${response.data.access_token}`;
-    if (config2["OIDC_USER_INFO_ENDPOINT_WITH_AUTH_HEADER"]) {
-      userInfoEndpointHeaders = {
-        headers: { Authorization: `Bearer ${response.data.access_token}` }
-      };
-      userInfoEndpointParameters = "";
-    }
-    const userInfoEndpoint = `${config2["OIDC_USER_INFO_ENDPOINT"]}${userInfoEndpointParameters}`;
-    const userResponse = await httpClient.get(
-      userInfoEndpoint,
-      userInfoEndpointHeaders
+    const userResponseData = await exchangeTokenAndFetchUserInfo(httpClient, config2, params);
+    const { activateUser, jwtToken } = await handleUserAuthentication(
+      userService,
+      oauthService2,
+      roleService2,
+      whitelistService2,
+      userResponseData,
+      config2,
+      ctx
     );
-    const email = userResponse.data.email;
-    const whitelistUser = await whitelistService2.checkWhitelistForEmail(email);
-    const dbUser = await userService.findOneByEmail(email);
-    let activateUser;
-    let jwtToken;
-    if (dbUser) {
-      activateUser = dbUser;
-      jwtToken = await oauthService2.generateToken(dbUser, ctx);
-    } else {
-      let roles2 = [];
-      if (whitelistUser && whitelistUser.roles && whitelistUser.roles.length > 0) {
-        roles2 = whitelistUser.roles;
-      } else {
-        const oidcRoles = await roleService2.oidcRoles();
-        roles2 = oidcRoles && oidcRoles["roles"] ? oidcRoles["roles"] : [];
-      }
-      const defaultLocale = oauthService2.localeFindByHeader(ctx.request.headers);
-      activateUser = await oauthService2.createUser(
-        email,
-        userResponse.data[config2["OIDC_FAMILY_NAME_FIELD"]],
-        userResponse.data[config2["OIDC_GIVEN_NAME_FIELD"]],
-        defaultLocale,
-        roles2
-      );
-      jwtToken = await oauthService2.generateToken(activateUser, ctx);
-      await oauthService2.triggerWebHook(activateUser);
-    }
-    oauthService2.triggerSignInSuccess(activateUser);
     const nonce = randomUUID();
     const html = oauthService2.renderSignUpSuccess(jwtToken, activateUser, nonce);
     ctx.set("Content-Security-Policy", `script-src 'nonce-${nonce}'`);
     ctx.send(html);
   } catch (e) {
-    console.error(e);
+    console.error("ERROR CAUGHT IN OIDC SIGNIN:", e);
     ctx.send(oauthService2.renderSignUpError(e.message));
   }
 }
 async function logout(ctx) {
   const config2 = strapi.config.get("plugin::strapi-plugin-oidc");
-  const logoutUrl = config2["OIDC_LOGOUT_URL"];
+  const logoutUrl = config2.OIDC_LOGOUT_URL;
   if (logoutUrl) {
     ctx.redirect(logoutUrl);
   } else {
@@ -240,10 +276,9 @@ async function find(ctx) {
   const roles2 = await roleService2.find();
   const oidcConstants = roleService2.getOidcRoles();
   for (const oidc2 of oidcConstants) {
-    for (const role2 of roles2) {
-      if (role2["oauth_type"] === oidc2["oauth_type"]) {
-        oidc2["role"] = role2["roles"];
-      }
+    const matchedRole = roles2.find((r) => r.oauth_type === oidc2.oauth_type);
+    if (matchedRole) {
+      oidc2.role = matchedRole.roles;
     }
   }
   ctx.send(oidcConstants);
@@ -255,7 +290,7 @@ async function update(ctx) {
     await roleService2.update(roles2);
     ctx.send({}, 204);
   } catch (e) {
-    console.log(e);
+    console.error(e);
     ctx.send({}, 400);
   }
 }
@@ -289,12 +324,10 @@ async function publicSettings(ctx) {
 async function register(ctx) {
   const { email, roles: roles2 } = ctx.request.body;
   if (!email) {
-    ctx.body = {
-      message: "Please enter a valid email address"
-    };
+    ctx.body = { message: "Please enter a valid email address" };
     return;
   }
-  const emailList = Array.isArray(email) ? email : email.split(",").map((e) => e.trim()).filter((e) => e);
+  const emailList = Array.isArray(email) ? email : email.split(",").map((e) => e.trim()).filter(Boolean);
   const existingUsers = await strapi.query("admin::user").findMany({
     where: { email: { $in: emailList } },
     populate: ["roles"]
@@ -304,8 +337,8 @@ async function register(ctx) {
   for (const singleEmail of emailList) {
     const existingUser = existingUsers.find((u) => u.email === singleEmail);
     let finalRoles = roles2;
-    if (existingUser && existingUser.roles) {
-      finalRoles = existingUser.roles.map((r) => r.id.toString());
+    if (existingUser?.roles) {
+      finalRoles = existingUser.roles.map((r) => String(r.id));
       matchedExistingUsersCount++;
     }
     const alreadyWhitelisted = await strapi.query("plugin::strapi-plugin-oidc.whitelists").findOne({
@@ -342,8 +375,8 @@ async function syncUsers(ctx) {
     const existingStrapiUser = existingStrapiUsers.find((u) => u.email === user.email);
     let finalRoles = user.roles;
     const currUser = currentUsers.find((u) => u.email === user.email);
-    if (!currUser && existingStrapiUser && existingStrapiUser.roles) {
-      finalRoles = existingStrapiUser.roles.map((r) => r.id.toString());
+    if (!currUser && existingStrapiUser?.roles) {
+      finalRoles = existingStrapiUser.roles.map((r) => String(r.id));
       matchedExistingUsersCount++;
     }
     if (currUser) {
@@ -493,8 +526,8 @@ function oauthService({ strapi: strapi2 }) {
         }
       }
       const createdUser = await userService.create({
-        firstname: firstname ? firstname : "unset",
-        lastname: lastname ? lastname : "",
+        firstname: firstname || "unset",
+        lastname: lastname || "",
         email: email.toLocaleLowerCase(),
         roles: roles2,
         preferedLanguage: locale
@@ -502,8 +535,8 @@ function oauthService({ strapi: strapi2 }) {
       return await userService.register({
         registrationToken: createdUser.registrationToken,
         userInfo: {
-          firstname: firstname ? firstname : "unset",
-          lastname: lastname ? lastname : "user",
+          firstname: firstname || "unset",
+          lastname: lastname || "user",
           password: generator.generate({
             length: 43,
             // 256 bits (https://en.wikipedia.org/wiki/Password_strength#Random_passwords)
@@ -527,11 +560,7 @@ function oauthService({ strapi: strapi2 }) {
       return `${origin}+${alias}${domain}`;
     },
     localeFindByHeader(headers) {
-      if (headers["accept-language"] && headers["accept-language"].includes("ja")) {
-        return "ja";
-      } else {
-        return "en";
-      }
+      return headers["accept-language"]?.includes("ja") ? "ja" : "en";
     },
     async triggerWebHook(user) {
       let ENTRY_CREATE;
@@ -554,7 +583,7 @@ function oauthService({ strapi: strapi2 }) {
       });
     },
     triggerSignInSuccess(user) {
-      delete user["password"];
+      delete user.password;
       const eventHub = strapi2.serviceMap.get("eventHub");
       eventHub.emit("admin.auth.success", {
         user,
@@ -654,35 +683,35 @@ function roleService({ strapi: strapi2 }) {
     getOidcRoles() {
       return [
         {
-          "oauth_type": this.OIDC_TYPE,
+          oauth_type: this.OIDC_TYPE,
           name: "OIDC"
         }
       ];
     },
     async oidcRoles() {
-      return await strapi2.query("plugin::strapi-plugin-oidc.roles").findOne({
+      return strapi2.query("plugin::strapi-plugin-oidc.roles").findOne({
         where: {
-          "oauth_type": this.OIDC_TYPE
+          oauth_type: this.OIDC_TYPE
         }
       });
     },
     async find() {
-      return await strapi2.query("plugin::strapi-plugin-oidc.roles").findMany();
+      return strapi2.query("plugin::strapi-plugin-oidc.roles").findMany();
     },
     async update(roles2) {
       const query = strapi2.query("plugin::strapi-plugin-oidc.roles");
       await Promise.all(
         roles2.map(async (role2) => {
-          const oidcRole = await query.findOne({ where: { "oauth_type": role2["oauth_type"] } });
+          const oidcRole = await query.findOne({ where: { oauth_type: role2.oauth_type } });
           if (oidcRole) {
             await query.update({
-              where: { "oauth_type": role2["oauth_type"] },
+              where: { oauth_type: role2.oauth_type },
               data: { roles: role2.role }
             });
           } else {
             await query.create({
               data: {
-                "oauth_type": role2["oauth_type"],
+                oauth_type: role2.oauth_type,
                 roles: role2.role
               }
             });
@@ -709,7 +738,7 @@ function whitelistService({ strapi: strapi2 }) {
     },
     async getUsers() {
       const query = strapi2.query("plugin::strapi-plugin-oidc.whitelists");
-      return await query.findMany();
+      return query.findMany();
     },
     async registerUser(email, roles2) {
       const query = strapi2.query("plugin::strapi-plugin-oidc.whitelists");
@@ -730,6 +759,7 @@ function whitelistService({ strapi: strapi2 }) {
     },
     async checkWhitelistForEmail(email) {
       const settings = await this.getSettings();
+      console.log("checkWhitelistForEmail settings:", settings);
       if (!settings.useWhitelist) {
         return null;
       }
@@ -739,7 +769,8 @@ function whitelistService({ strapi: strapi2 }) {
           email
         }
       });
-      if (result === null) {
+      console.log("checkWhitelistForEmail result:", result);
+      if (!result) {
         throw new Error("Not present in whitelist");
       }
       return result;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "strapi-plugin-oidc",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "A Strapi plugin that provides OpenID Connect (OIDC) authentication functionality for the Strapi Admin Panel.",
   "strapi": {
     "displayName": "OIDC Plugin",
@@ -15,6 +15,8 @@
     "verify": "strapi-plugin verify",
     "test": "vitest run -c vitest.config.e2e.ts",
     "lint": "eslint",
+    "fallow:check": "fallow",
+    "fallow:fix": "fallow fix --yes",
     "prepare": "husky"
   },
   "lint-staged": {
@@ -73,7 +75,6 @@
     "@eslint/eslintrc": "^3.3.5",
     "@eslint/js": "^10.0.1",
     "@strapi/sdk-plugin": "^6.0.1",
-    "@strapi/typescript-utils": "^5.41.1",
     "@types/node": "^25.5.2",
     "@types/supertest": "^7.2.0",
     "@vitest/coverage-v8": "^4.1.2",