npm - strapi-plugin-oidc - Versions diffs - 1.8.1 → 1.8.3 - Mend

strapi-plugin-oidc 1.8.1 → 1.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/server/index.js CHANGED Viewed

@@ -12,6 +12,58 @@ const strapiUtils__default = /* @__PURE__ */ _interopDefault(strapiUtils);
 const generator__default = /* @__PURE__ */ _interopDefault(generator);
 function register$1() {
 }
+const errorCodes = {
+  TOKEN_EXCHANGE_FAILED: "TOKEN_EXCHANGE_FAILED",
+  USERINFO_FETCH_FAILED: "USERINFO_FETCH_FAILED",
+  ID_TOKEN_PARSE_FAILED: "ID_TOKEN_PARSE_FAILED",
+  NONCE_MISMATCH: "NONCE_MISMATCH",
+  ROLE_UPDATE_FAILED: "ROLE_UPDATE_FAILED",
+  USER_CREATION_FAILED: "USER_CREATION_FAILED",
+  WHITELIST_CHECK_FAILED: "WHITELIST_CHECK_FAILED",
+  EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED",
+  ID_TOKEN_INVALID: "ID_TOKEN_INVALID"
+};
+const ERROR_DETAIL_TEMPLATES = {
+  token_exchange_failed: "Token exchange failed with HTTP status {status}",
+  userinfo_fetch_failed: "UserInfo endpoint returned HTTP {status}",
+  role_update_failed: "Role update failed for user {userId}: {error}",
+  user_creation_failed: "User creation failed for {email}: {error}",
+  id_token_parse_failed: "ID token parse failed: {error}",
+  sign_in_unknown: "Unknown sign-in error: {error}",
+  invalid_email: "Invalid email address received from OIDC provider",
+  email_not_verified: "Email address has not been verified by the OIDC provider",
+  id_token_invalid: "ID token verification failed: {error}",
+  whitelist_not_present: "Email not present in whitelist",
+  session_manager_unsupported: "sessionManager is not supported. Please upgrade to Strapi v5.24.1 or later."
+};
+function interpolate$1(template, params) {
+  if (!params) return template;
+  return template.replace(/\{(\w+)\}/g, (_, key) => String(params[key] ?? `{${key}}`));
+}
+function getErrorDetail(key, params) {
+  const template = ERROR_DETAIL_TEMPLATES[key];
+  if (!template) return void 0;
+  return interpolate$1(template, params);
+}
+const errorMessages = {
+  TOKEN_EXCHANGE_FAILED: "Token exchange failed",
+  USERINFO_FETCH_FAILED: "Failed to fetch user info",
+  ID_TOKEN_PARSE_FAILED: "Failed to parse ID token",
+  NONCE_MISMATCH: "Nonce mismatch",
+  INVALID_EMAIL: "Invalid email address received from OIDC provider",
+  EMAIL_NOT_VERIFIED: "Email address has not been verified by the OIDC provider",
+  ID_TOKEN_INVALID: "ID token verification failed",
+  WHITELIST_NOT_PRESENT: "Not present in whitelist",
+  SESSION_MANAGER_UNSUPPORTED: "sessionManager is not supported. Please upgrade to Strapi v5.24.1 or later.",
+  JWKS_URI_NOT_CONFIGURED: "[OIDC] OIDC_JWKS_URI is not configured — ID token signature verification is disabled. Set OIDC_JWKS_URI and OIDC_ISSUER from your provider's discovery document.",
+  ENFORCE_MIDDLEWARE_ERROR: "Error checking OIDC enforcement in middleware:",
+  ENFORCE_SYNC_ERROR: "[strapi-plugin-oidc] Failed to sync OIDC_ENFORCE to database:",
+  DEFAULT_ROLE_INIT_ERROR: "Could not initialize default OIDC role:",
+  AUDIT_LOG_CLEANUP_ERROR: "[strapi-plugin-oidc] Audit log cleanup failed:",
+  AUDIT_LOG_EXPORT_ERROR: "NDJSON export stream failed",
+  DISCOVERY_FETCH_ERROR: (url, reason) => `[strapi-plugin-oidc] Failed to fetch OIDC discovery document from ${url}: ${reason}`,
+  MISSING_CONFIG: (keys) => `Missing required config keys: ${keys}`
+};
 function getEnforceOIDCConfig(strapi2) {
   const config2 = strapi2.config.get("plugin::strapi-plugin-oidc");
   const val = config2.OIDC_ENFORCE;
@@ -64,7 +116,7 @@ async function applyDiscovery(strapi2) {
     doc = await res.json();
   } catch (e) {
     strapi2.log.error(
-      `[strapi-plugin-oidc] Failed to fetch OIDC discovery document from ${discoveryUrl}: ${e instanceof Error ? e.message : String(e)}`
+      errorMessages.DISCOVERY_FETCH_ERROR(discoveryUrl, e instanceof Error ? e.message : String(e))
     );
     return;
   }
@@ -121,7 +173,7 @@ async function bootstrap({ strapi: strapi2 }) {
           return;
         }
       } catch (err) {
-        strapi2.log.error("Error checking OIDC enforcement in middleware:", err);
+        strapi2.log.error(errorMessages.ENFORCE_MIDDLEWARE_ERROR, err);
       }
     }
     await next();
@@ -158,7 +210,7 @@ async function bootstrap({ strapi: strapi2 }) {
         );
       }
     } catch (err) {
-      strapi2.log.error("[strapi-plugin-oidc] Failed to sync OIDC_ENFORCE to database:", err);
+      strapi2.log.error(errorMessages.ENFORCE_SYNC_ERROR, err);
     }
   }
   try {
@@ -172,7 +224,7 @@ async function bootstrap({ strapi: strapi2 }) {
       }
     }
   } catch (err) {
-    strapi2.log.warn("Could not initialize default OIDC role:", err.message);
+    strapi2.log.warn(errorMessages.DEFAULT_ROLE_INIT_ERROR, err.message);
   }
   strapi2.cron.add({
     "strapi-plugin-oidc-audit-log-cleanup": {
@@ -181,7 +233,7 @@ async function bootstrap({ strapi: strapi2 }) {
           const retentionDays = getRetentionDays();
           await getAuditLogService().cleanup(retentionDays);
         } catch (err) {
-          strapi2.log.warn("[strapi-plugin-oidc] Audit log cleanup failed:", err.message);
+          strapi2.log.warn(errorMessages.AUDIT_LOG_CLEANUP_ERROR, err.message);
         }
       },
       options: { rule: "0 0 * * *" }
@@ -297,52 +349,6 @@ const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
 function isValidEmail(email) {
   return EMAIL_REGEX.test(email);
 }
-const errorCodes = {
-  TOKEN_EXCHANGE_FAILED: "TOKEN_EXCHANGE_FAILED",
-  USERINFO_FETCH_FAILED: "USERINFO_FETCH_FAILED",
-  ID_TOKEN_PARSE_FAILED: "ID_TOKEN_PARSE_FAILED",
-  NONCE_MISMATCH: "NONCE_MISMATCH",
-  ROLE_UPDATE_FAILED: "ROLE_UPDATE_FAILED",
-  USER_CREATION_FAILED: "USER_CREATION_FAILED",
-  WHITELIST_CHECK_FAILED: "WHITELIST_CHECK_FAILED",
-  EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED",
-  ID_TOKEN_INVALID: "ID_TOKEN_INVALID"
-};
-const ERROR_DETAIL_TEMPLATES = {
-  token_exchange_failed: "Token exchange failed with HTTP status {status}",
-  userinfo_fetch_failed: "UserInfo endpoint returned HTTP {status}",
-  role_update_failed: "Role update failed for user {userId}: {error}",
-  user_creation_failed: "User creation failed for {email}: {error}",
-  id_token_parse_failed: "ID token parse failed: {error}",
-  sign_in_unknown: "Unknown sign-in error: {error}",
-  invalid_email: "Invalid email address received from OIDC provider",
-  email_not_verified: "Email address has not been verified by the OIDC provider",
-  id_token_invalid: "ID token verification failed: {error}",
-  whitelist_not_present: "Email not present in whitelist",
-  session_manager_unsupported: "sessionManager is not supported. Please upgrade to Strapi v5.24.1 or later.",
-  missing_config: "Missing required config keys: {keys}"
-};
-function interpolate$1(template, params) {
-  if (!params) return template;
-  return template.replace(/\{(\w+)\}/g, (_, key) => String(params[key] ?? `{${key}}`));
-}
-function getErrorDetail(key, params) {
-  const template = ERROR_DETAIL_TEMPLATES[key];
-  if (!template) return void 0;
-  return interpolate$1(template, params);
-}
-const errorMessages = {
-  TOKEN_EXCHANGE_FAILED: "Token exchange failed",
-  USERINFO_FETCH_FAILED: "Failed to fetch user info",
-  ID_TOKEN_PARSE_FAILED: "Failed to parse ID token",
-  NONCE_MISMATCH: "Nonce mismatch",
-  INVALID_EMAIL: "Invalid email address received from OIDC provider",
-  EMAIL_NOT_VERIFIED: "Email address has not been verified by the OIDC provider",
-  ID_TOKEN_INVALID: "ID token verification failed",
-  WHITELIST_NOT_PRESENT: "Not present in whitelist",
-  SESSION_MANAGER_UNSUPPORTED: "sessionManager is not supported. Please upgrade to Strapi v5.24.1 or later.",
-  MISSING_CONFIG: (keys) => `Missing required config keys: ${keys}`
-};
 const en = {
   "global.plugins.strapi-plugin-oidc": "OIDC Plugin",
   "page.title": "Configure OIDC default role(s) and access controls.",
@@ -617,9 +623,7 @@ async function verifyIdToken(idToken, config2) {
   if (!jwksUri) {
     if (!jwksDisabledWarned) {
       jwksDisabledWarned = true;
-      strapi.log.warn(
-        "[OIDC] OIDC_JWKS_URI is not configured — ID token signature verification is disabled. Set OIDC_JWKS_URI and OIDC_ISSUER from your provider's discovery document."
-      );
+      strapi.log.warn(errorMessages.JWKS_URI_NOT_CONFIGURED);
     }
     return null;
   }
@@ -1391,7 +1395,7 @@ function errorAwareNdjsonStream(strapi2, service, filters) {
   const gen = ndjsonRowStream(service, filters);
   const readable = node_stream.Readable.from(gen);
   readable.on("error", (err) => {
-    strapi2.log.error({ phase: "audit_log_export", err }, "NDJSON export stream failed");
+    strapi2.log.error({ phase: "audit_log_export", err }, errorMessages.AUDIT_LOG_EXPORT_ERROR);
   });
   return readable;
 }

package/dist/server/index.mjs CHANGED Viewed

@@ -6,6 +6,58 @@ import strapiUtils from "@strapi/utils";
 import generator from "generate-password";
 function register$1() {
 }
+const errorCodes = {
+  TOKEN_EXCHANGE_FAILED: "TOKEN_EXCHANGE_FAILED",
+  USERINFO_FETCH_FAILED: "USERINFO_FETCH_FAILED",
+  ID_TOKEN_PARSE_FAILED: "ID_TOKEN_PARSE_FAILED",
+  NONCE_MISMATCH: "NONCE_MISMATCH",
+  ROLE_UPDATE_FAILED: "ROLE_UPDATE_FAILED",
+  USER_CREATION_FAILED: "USER_CREATION_FAILED",
+  WHITELIST_CHECK_FAILED: "WHITELIST_CHECK_FAILED",
+  EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED",
+  ID_TOKEN_INVALID: "ID_TOKEN_INVALID"
+};
+const ERROR_DETAIL_TEMPLATES = {
+  token_exchange_failed: "Token exchange failed with HTTP status {status}",
+  userinfo_fetch_failed: "UserInfo endpoint returned HTTP {status}",
+  role_update_failed: "Role update failed for user {userId}: {error}",
+  user_creation_failed: "User creation failed for {email}: {error}",
+  id_token_parse_failed: "ID token parse failed: {error}",
+  sign_in_unknown: "Unknown sign-in error: {error}",
+  invalid_email: "Invalid email address received from OIDC provider",
+  email_not_verified: "Email address has not been verified by the OIDC provider",
+  id_token_invalid: "ID token verification failed: {error}",
+  whitelist_not_present: "Email not present in whitelist",
+  session_manager_unsupported: "sessionManager is not supported. Please upgrade to Strapi v5.24.1 or later."
+};
+function interpolate$1(template, params) {
+  if (!params) return template;
+  return template.replace(/\{(\w+)\}/g, (_, key) => String(params[key] ?? `{${key}}`));
+}
+function getErrorDetail(key, params) {
+  const template = ERROR_DETAIL_TEMPLATES[key];
+  if (!template) return void 0;
+  return interpolate$1(template, params);
+}
+const errorMessages = {
+  TOKEN_EXCHANGE_FAILED: "Token exchange failed",
+  USERINFO_FETCH_FAILED: "Failed to fetch user info",
+  ID_TOKEN_PARSE_FAILED: "Failed to parse ID token",
+  NONCE_MISMATCH: "Nonce mismatch",
+  INVALID_EMAIL: "Invalid email address received from OIDC provider",
+  EMAIL_NOT_VERIFIED: "Email address has not been verified by the OIDC provider",
+  ID_TOKEN_INVALID: "ID token verification failed",
+  WHITELIST_NOT_PRESENT: "Not present in whitelist",
+  SESSION_MANAGER_UNSUPPORTED: "sessionManager is not supported. Please upgrade to Strapi v5.24.1 or later.",
+  JWKS_URI_NOT_CONFIGURED: "[OIDC] OIDC_JWKS_URI is not configured — ID token signature verification is disabled. Set OIDC_JWKS_URI and OIDC_ISSUER from your provider's discovery document.",
+  ENFORCE_MIDDLEWARE_ERROR: "Error checking OIDC enforcement in middleware:",
+  ENFORCE_SYNC_ERROR: "[strapi-plugin-oidc] Failed to sync OIDC_ENFORCE to database:",
+  DEFAULT_ROLE_INIT_ERROR: "Could not initialize default OIDC role:",
+  AUDIT_LOG_CLEANUP_ERROR: "[strapi-plugin-oidc] Audit log cleanup failed:",
+  AUDIT_LOG_EXPORT_ERROR: "NDJSON export stream failed",
+  DISCOVERY_FETCH_ERROR: (url, reason) => `[strapi-plugin-oidc] Failed to fetch OIDC discovery document from ${url}: ${reason}`,
+  MISSING_CONFIG: (keys) => `Missing required config keys: ${keys}`
+};
 function getEnforceOIDCConfig(strapi2) {
   const config2 = strapi2.config.get("plugin::strapi-plugin-oidc");
   const val = config2.OIDC_ENFORCE;
@@ -58,7 +110,7 @@ async function applyDiscovery(strapi2) {
     doc = await res.json();
   } catch (e) {
     strapi2.log.error(
-      `[strapi-plugin-oidc] Failed to fetch OIDC discovery document from ${discoveryUrl}: ${e instanceof Error ? e.message : String(e)}`
+      errorMessages.DISCOVERY_FETCH_ERROR(discoveryUrl, e instanceof Error ? e.message : String(e))
     );
     return;
   }
@@ -115,7 +167,7 @@ async function bootstrap({ strapi: strapi2 }) {
           return;
         }
       } catch (err) {
-        strapi2.log.error("Error checking OIDC enforcement in middleware:", err);
+        strapi2.log.error(errorMessages.ENFORCE_MIDDLEWARE_ERROR, err);
       }
     }
     await next();
@@ -152,7 +204,7 @@ async function bootstrap({ strapi: strapi2 }) {
         );
       }
     } catch (err) {
-      strapi2.log.error("[strapi-plugin-oidc] Failed to sync OIDC_ENFORCE to database:", err);
+      strapi2.log.error(errorMessages.ENFORCE_SYNC_ERROR, err);
     }
   }
   try {
@@ -166,7 +218,7 @@ async function bootstrap({ strapi: strapi2 }) {
       }
     }
   } catch (err) {
-    strapi2.log.warn("Could not initialize default OIDC role:", err.message);
+    strapi2.log.warn(errorMessages.DEFAULT_ROLE_INIT_ERROR, err.message);
   }
   strapi2.cron.add({
     "strapi-plugin-oidc-audit-log-cleanup": {
@@ -175,7 +227,7 @@ async function bootstrap({ strapi: strapi2 }) {
           const retentionDays = getRetentionDays();
           await getAuditLogService().cleanup(retentionDays);
         } catch (err) {
-          strapi2.log.warn("[strapi-plugin-oidc] Audit log cleanup failed:", err.message);
+          strapi2.log.warn(errorMessages.AUDIT_LOG_CLEANUP_ERROR, err.message);
         }
       },
       options: { rule: "0 0 * * *" }
@@ -291,52 +343,6 @@ const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
 function isValidEmail(email) {
   return EMAIL_REGEX.test(email);
 }
-const errorCodes = {
-  TOKEN_EXCHANGE_FAILED: "TOKEN_EXCHANGE_FAILED",
-  USERINFO_FETCH_FAILED: "USERINFO_FETCH_FAILED",
-  ID_TOKEN_PARSE_FAILED: "ID_TOKEN_PARSE_FAILED",
-  NONCE_MISMATCH: "NONCE_MISMATCH",
-  ROLE_UPDATE_FAILED: "ROLE_UPDATE_FAILED",
-  USER_CREATION_FAILED: "USER_CREATION_FAILED",
-  WHITELIST_CHECK_FAILED: "WHITELIST_CHECK_FAILED",
-  EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED",
-  ID_TOKEN_INVALID: "ID_TOKEN_INVALID"
-};
-const ERROR_DETAIL_TEMPLATES = {
-  token_exchange_failed: "Token exchange failed with HTTP status {status}",
-  userinfo_fetch_failed: "UserInfo endpoint returned HTTP {status}",
-  role_update_failed: "Role update failed for user {userId}: {error}",
-  user_creation_failed: "User creation failed for {email}: {error}",
-  id_token_parse_failed: "ID token parse failed: {error}",
-  sign_in_unknown: "Unknown sign-in error: {error}",
-  invalid_email: "Invalid email address received from OIDC provider",
-  email_not_verified: "Email address has not been verified by the OIDC provider",
-  id_token_invalid: "ID token verification failed: {error}",
-  whitelist_not_present: "Email not present in whitelist",
-  session_manager_unsupported: "sessionManager is not supported. Please upgrade to Strapi v5.24.1 or later.",
-  missing_config: "Missing required config keys: {keys}"
-};
-function interpolate$1(template, params) {
-  if (!params) return template;
-  return template.replace(/\{(\w+)\}/g, (_, key) => String(params[key] ?? `{${key}}`));
-}
-function getErrorDetail(key, params) {
-  const template = ERROR_DETAIL_TEMPLATES[key];
-  if (!template) return void 0;
-  return interpolate$1(template, params);
-}
-const errorMessages = {
-  TOKEN_EXCHANGE_FAILED: "Token exchange failed",
-  USERINFO_FETCH_FAILED: "Failed to fetch user info",
-  ID_TOKEN_PARSE_FAILED: "Failed to parse ID token",
-  NONCE_MISMATCH: "Nonce mismatch",
-  INVALID_EMAIL: "Invalid email address received from OIDC provider",
-  EMAIL_NOT_VERIFIED: "Email address has not been verified by the OIDC provider",
-  ID_TOKEN_INVALID: "ID token verification failed",
-  WHITELIST_NOT_PRESENT: "Not present in whitelist",
-  SESSION_MANAGER_UNSUPPORTED: "sessionManager is not supported. Please upgrade to Strapi v5.24.1 or later.",
-  MISSING_CONFIG: (keys) => `Missing required config keys: ${keys}`
-};
 const en = {
   "global.plugins.strapi-plugin-oidc": "OIDC Plugin",
   "page.title": "Configure OIDC default role(s) and access controls.",
@@ -611,9 +617,7 @@ async function verifyIdToken(idToken, config2) {
   if (!jwksUri) {
     if (!jwksDisabledWarned) {
       jwksDisabledWarned = true;
-      strapi.log.warn(
-        "[OIDC] OIDC_JWKS_URI is not configured — ID token signature verification is disabled. Set OIDC_JWKS_URI and OIDC_ISSUER from your provider's discovery document."
-      );
+      strapi.log.warn(errorMessages.JWKS_URI_NOT_CONFIGURED);
     }
     return null;
   }
@@ -1385,7 +1389,7 @@ function errorAwareNdjsonStream(strapi2, service, filters) {
   const gen = ndjsonRowStream(service, filters);
   const readable = Readable.from(gen);
   readable.on("error", (err) => {
-    strapi2.log.error({ phase: "audit_log_export", err }, "NDJSON export stream failed");
+    strapi2.log.error({ phase: "audit_log_export", err }, errorMessages.AUDIT_LOG_EXPORT_ERROR);
   });
   return readable;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "strapi-plugin-oidc",
-  "version": "1.8.1",
+  "version": "1.8.3",
   "description": "A Strapi plugin that provides OpenID Connect (OIDC) authentication functionality for the Strapi Admin Panel.",
   "strapi": {
     "displayName": "OIDC Plugin",