strapi-plugin-oidc 1.7.0 → 1.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/admin/{index-DB7zjuHj.js → index-B0piQv3P.js} +1 -1
- package/dist/admin/{index-UvfJxIgI.mjs → index-BJqQjQee.mjs} +2 -2
- package/dist/admin/{index-D_ZKgByO.mjs → index-BkJB6R7y.mjs} +1 -1
- package/dist/admin/{index-C2KZ4QxC.js → index-hjzLEp0H.js} +2 -2
- package/dist/admin/index.js +1 -1
- package/dist/admin/index.mjs +1 -1
- package/dist/server/index.js +22 -7
- package/dist/server/index.mjs +22 -7
- package/package.json +1 -1
|
@@ -166,7 +166,7 @@ const index = {
|
|
|
166
166
|
defaultMessage: "Configuration"
|
|
167
167
|
},
|
|
168
168
|
Component: async () => {
|
|
169
|
-
return await Promise.resolve().then(() => require("./index-
|
|
169
|
+
return await Promise.resolve().then(() => require("./index-hjzLEp0H.js"));
|
|
170
170
|
},
|
|
171
171
|
permissions: [{ action: "plugin::strapi-plugin-oidc.read", subject: null }]
|
|
172
172
|
}
|
|
@@ -5,7 +5,7 @@ import { useState, useRef, useId, useEffect, useCallback, useReducer, useMemo, m
|
|
|
5
5
|
import { Typography, Flex, Box, MultiSelect, MultiSelectOption, Dialog, Button, Table, Pagination, PreviousLink, NextLink, PageLink, Field, Divider, Thead, Tr, Th, Tbody, Td, IconButton, Tooltip, Alert } from "@strapi/design-system";
|
|
6
6
|
import { Cross, WarningCircle, Plus, Download, Upload, Trash, Calendar, Mail, Information } from "@strapi/icons";
|
|
7
7
|
import { useIntl } from "react-intl";
|
|
8
|
-
import { g as getTrad } from "./index-
|
|
8
|
+
import { g as getTrad } from "./index-BkJB6R7y.mjs";
|
|
9
9
|
import styled from "styled-components";
|
|
10
10
|
import { Filter, ClipboardList, Server } from "lucide-react";
|
|
11
11
|
function Role({ oidcRoles, roles, onChangeRole }) {
|
|
@@ -80,7 +80,7 @@ const TagInputWrapper = styled(Box)`
|
|
|
80
80
|
box-shadow: 0 0 0 2px ${({ theme }) => theme.colors.primary100};
|
|
81
81
|
}
|
|
82
82
|
`;
|
|
83
|
-
const TagStyledInput = styled.input`
|
|
83
|
+
const TagStyledInput = styled.input.attrs({ autocomplete: "off" })`
|
|
84
84
|
border: none;
|
|
85
85
|
background: transparent;
|
|
86
86
|
outline: none;
|
|
@@ -165,7 +165,7 @@ const index = {
|
|
|
165
165
|
defaultMessage: "Configuration"
|
|
166
166
|
},
|
|
167
167
|
Component: async () => {
|
|
168
|
-
return await import("./index-
|
|
168
|
+
return await import("./index-BJqQjQee.mjs");
|
|
169
169
|
},
|
|
170
170
|
permissions: [{ action: "plugin::strapi-plugin-oidc.read", subject: null }]
|
|
171
171
|
}
|
|
@@ -7,7 +7,7 @@ const react = require("react");
|
|
|
7
7
|
const designSystem = require("@strapi/design-system");
|
|
8
8
|
const icons = require("@strapi/icons");
|
|
9
9
|
const reactIntl = require("react-intl");
|
|
10
|
-
const index = require("./index-
|
|
10
|
+
const index = require("./index-B0piQv3P.js");
|
|
11
11
|
const styled = require("styled-components");
|
|
12
12
|
const lucideReact = require("lucide-react");
|
|
13
13
|
const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
|
|
@@ -84,7 +84,7 @@ const TagInputWrapper = styled__default.default(designSystem.Box)`
|
|
|
84
84
|
box-shadow: 0 0 0 2px ${({ theme }) => theme.colors.primary100};
|
|
85
85
|
}
|
|
86
86
|
`;
|
|
87
|
-
const TagStyledInput = styled__default.default.input`
|
|
87
|
+
const TagStyledInput = styled__default.default.input.attrs({ autocomplete: "off" })`
|
|
88
88
|
border: none;
|
|
89
89
|
background: transparent;
|
|
90
90
|
outline: none;
|
package/dist/admin/index.js
CHANGED
package/dist/admin/index.mjs
CHANGED
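--- a/package/dist/server/index.js
+++ b/package/dist/server/index.js
@@ -483,6 +483,21 @@ const OIDC_ERROR_DISPATCH = {
 key: "sign_in_unknown"
 }
 };
+function getClientIp(ctx) {
+const cfConnectingIp = ctx.get("CF-Connecting-IP");
+if (cfConnectingIp) {
+return cfConnectingIp.split(",")[0].trim();
+}
+const forwardedFor = ctx.get("X-Forwarded-For");
+if (forwardedFor) {
+return forwardedFor.split(",")[0].trim();
+}
+const realIp = ctx.get("X-Real-IP");
+if (realIp) {
+return realIp.trim();
+}
+return ctx.ip;
+}
 const REQUIRED_CONFIG_KEYS = [
 "OIDC_CLIENT_ID",
 "OIDC_CLIENT_SECRET",
@@ -752,7 +767,7 @@ async function logSuccessfulAuth(auditLog2, ctx, user, userCreated, rolesUpdated
 auditLog2.log({
 action: "login_success",
 email: user.email,
-ip: ctx
+ip: getClientIp(ctx),
 detailsKey: rolesUpdated ? "roles_updated" : void 0,
 detailsParams: rolesUpdated ? { roles: roles2 } : void 0
 })
@@ -762,7 +777,7 @@ async function logSuccessfulAuth(auditLog2, ctx, user, userCreated, rolesUpdated
 auditLog2.log({
 action: "user_created",
 email: user.email,
-ip: ctx
+ip: getClientIp(ctx),
 detailsKey: "user_created",
 detailsParams: { roles: roles2 }
 })
@@ -776,7 +791,7 @@ async function handleCallbackError(e, userInfo, auditLog2, oauthService2, ctx) {
 await auditLog2.log({
 action: errorInfo.action,
 email: userInfo?.email,
-ip: ctx
+ip: getClientIp(ctx),
 detailsKey: errorInfo.action,
 detailsParams: errorInfo.action === "login_failure" ? { message } : void 0
 });
@@ -796,14 +811,14 @@ async function oidcSignInCallback(ctx) {
 const auditLog2 = getAuditLogService();
 const locale = negotiateLocale(ctx.request.headers["accept-language"]);
 if (!ctx.query.code) {
-await auditLog2.log({ action: "missing_code", ip: ctx
+await auditLog2.log({ action: "missing_code", ip: getClientIp(ctx) });
 return ctx.send(
 oauthService2.renderSignUpError(userFacingMessages(locale).missing_code, locale)
 );
 }
 const { oidcState, codeVerifier, oidcNonce } = readAndClearPkceCookies(ctx);
 if (!ctx.query.state || ctx.query.state !== oidcState) {
-await auditLog2.log({ action: "state_mismatch", ip: ctx
+await auditLog2.log({ action: "state_mismatch", ip: getClientIp(ctx) });
 return ctx.send(
 oauthService2.renderSignUpError(userFacingMessages(locale).invalid_state, locale)
 );
@@ -882,7 +897,7 @@ async function logout(ctx) {
 if (!isOidcSession) {
 return ctx.redirect(loginUrl);
 }
-const logAudit = (action) => userEmail ? auditLog2.log({ action, email: userEmail, ip: ctx
+const logAudit = (action) => userEmail ? auditLog2.log({ action, email: userEmail, ip: getClientIp(ctx) }) : Promise.resolve();
 if (logoutUrl && accessToken) {
 const active = await isProviderSessionActive(config2.OIDC_USERINFO_ENDPOINT, accessToken);
 if (active) {
@@ -1277,7 +1292,7 @@ const rateLimitMap = /* @__PURE__ */ new Map();
 const RATE_LIMIT_WINDOW = 6e4;
 const MAX_REQUESTS = 1e3;
 function getRateLimitKey(ctx) {
-const ip = ctx
+const ip = getClientIp(ctx);
 const ua = ctx.request.header["user-agent"] ?? "";
 const uaHash = node_crypto.createHash("sha256").update(ua).digest("hex").slice(0, 16);
 return `${ip}:${uaHash}`;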
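Review bot: `getClientIp` (first hunk, new lines 486–500) believes any `CF-Connecting-IP`, `X-Forwarded-For` or `X-Real-IP` header the request carries, and takes the leftmost `X-Forwarded-For` entry, which is the one the original client writes; nothing checks that the request actually arrived through a proxy that sets or overwrites those headers. Because the last hunk makes the returned value the rate-limit key in `getRateLimitKey`, a deployment that is not behind Cloudflare or another header-rewriting proxy hands every client a fresh bucket for the price of a changed header, and the same unvalidated string lands in every `auditLog2.log({ ip: ... })` call in the hunks between, so the audit trail records whatever the client chose to send. Koa already gates this: with `app.proxy` enabled `ctx.ip` is derived from `X-Forwarded-For` (or from the header named by `app.proxyIpHeader`, which can be pointed at `CF-Connecting-IP`), otherwise it is the socket address, so the helper should defer to `ctx.ip` unless `ctx.app.proxy` is set and should only return values that are IP literals (`isIP` from `node:net`). The same function and call sites are repeated in the `package/dist/server/index.mjs` section below and need the same treatment.
```javascript
function getClientIp(ctx) {
  // Forwarding headers are only meaningful when the immediate peer is a proxy
  // the operator trusts and that overwrites them; otherwise they are
  // client-controlled and must not feed the rate-limit key or the audit log.
  // Koa encodes that trust in app.proxy / app.proxyIpHeader, so defer to it.
  if (!ctx.app.proxy) {
    return ctx.ip;
  }
  const candidate = ctx.get("CF-Connecting-IP") || ctx.get("X-Real-IP") || ctx.ip;
  const ip = candidate.split(",")[0].trim();
  // Only an IP literal may become a rate-limit key or an audit record field
  // (isIP comes from node:net; wire it in next to the existing node_crypto require).
  return isIP(ip) ? ip : ctx.ip;
}
```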
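--- a/package/dist/server/index.mjs
+++ b/package/dist/server/index.mjs
@@ -477,6 +477,21 @@ const OIDC_ERROR_DISPATCH = {
 key: "sign_in_unknown"
 }
 };
+function getClientIp(ctx) {
+const cfConnectingIp = ctx.get("CF-Connecting-IP");
+if (cfConnectingIp) {
+return cfConnectingIp.split(",")[0].trim();
+}
+const forwardedFor = ctx.get("X-Forwarded-For");
+if (forwardedFor) {
+return forwardedFor.split(",")[0].trim();
+}
+const realIp = ctx.get("X-Real-IP");
+if (realIp) {
+return realIp.trim();
+}
+return ctx.ip;
+}
 const REQUIRED_CONFIG_KEYS = [
 "OIDC_CLIENT_ID",
 "OIDC_CLIENT_SECRET",
@@ -746,7 +761,7 @@ async function logSuccessfulAuth(auditLog2, ctx, user, userCreated, rolesUpdated
 auditLog2.log({
 action: "login_success",
 email: user.email,
-ip: ctx
+ip: getClientIp(ctx),
 detailsKey: rolesUpdated ? "roles_updated" : void 0,
 detailsParams: rolesUpdated ? { roles: roles2 } : void 0
 })
@@ -756,7 +771,7 @@ async function logSuccessfulAuth(auditLog2, ctx, user, userCreated, rolesUpdated
 auditLog2.log({
 action: "user_created",
 email: user.email,
-ip: ctx
+ip: getClientIp(ctx),
 detailsKey: "user_created",
 detailsParams: { roles: roles2 }
 })
@@ -770,7 +785,7 @@ async function handleCallbackError(e, userInfo, auditLog2, oauthService2, ctx) {
 await auditLog2.log({
 action: errorInfo.action,
 email: userInfo?.email,
-ip: ctx
+ip: getClientIp(ctx),
 detailsKey: errorInfo.action,
 detailsParams: errorInfo.action === "login_failure" ? { message } : void 0
 });
@@ -790,14 +805,14 @@ async function oidcSignInCallback(ctx) {
 const auditLog2 = getAuditLogService();
 const locale = negotiateLocale(ctx.request.headers["accept-language"]);
 if (!ctx.query.code) {
-await auditLog2.log({ action: "missing_code", ip: ctx
+await auditLog2.log({ action: "missing_code", ip: getClientIp(ctx) });
 return ctx.send(
 oauthService2.renderSignUpError(userFacingMessages(locale).missing_code, locale)
 );
 }
 const { oidcState, codeVerifier, oidcNonce } = readAndClearPkceCookies(ctx);
 if (!ctx.query.state || ctx.query.state !== oidcState) {
-await auditLog2.log({ action: "state_mismatch", ip: ctx
+await auditLog2.log({ action: "state_mismatch", ip: getClientIp(ctx) });
 return ctx.send(
 oauthService2.renderSignUpError(userFacingMessages(locale).invalid_state, locale)
 );
@@ -876,7 +891,7 @@ async function logout(ctx) {
 if (!isOidcSession) {
 return ctx.redirect(loginUrl);
 }
-const logAudit = (action) => userEmail ? auditLog2.log({ action, email: userEmail, ip: ctx
+const logAudit = (action) => userEmail ? auditLog2.log({ action, email: userEmail, ip: getClientIp(ctx) }) : Promise.resolve();
 if (logoutUrl && accessToken) {
 const active = await isProviderSessionActive(config2.OIDC_USERINFO_ENDPOINT, accessToken);
 if (active) {
@@ -1271,7 +1286,7 @@ const rateLimitMap = /* @__PURE__ */ new Map();
 const RATE_LIMIT_WINDOW = 6e4;
 const MAX_REQUESTS = 1e3;
 function getRateLimitKey(ctx) {
-const ip = ctx
+const ip = getClientIp(ctx);
 const ua = ctx.request.header["user-agent"] ?? "";
 const uaHash = createHash("sha256").update(ua).digest("hex").slice(0, 16);
 return `${ip}:${uaHash}`;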
package/package.json
CHANGED