
@inrupt/solid-client-authn-core


@inrupt/solid-client-authn-core - npm Package Compare versions

Comparing version 1.17.1 to 1.17.2

18

dist/index.js

@@ -39,2 +39,3 @@ 'use strict';

this.handleables = handleables;
this.handleables = handleables;
}

@@ -116,3 +117,6 @@ async getProperHandler(params) {

const urlObject = new URL(redirectUrl);
return urlObject.hash === "";
const noReservedQuery = !urlObject.searchParams.has("code") &&
!urlObject.searchParams.has("state");
const noHash = urlObject.hash === "";
return noReservedQuery && noHash;
}

@@ -128,2 +132,4 @@ catch (e) {

this.redirector = redirector;
this.storageUtility = storageUtility;
this.redirector = redirector;
}

@@ -156,2 +162,3 @@ async canHandle(oidcLoginOptions) {

this.sessionInfoManager = sessionInfoManager;
this.sessionInfoManager = sessionInfoManager;
}

@@ -169,2 +176,3 @@ async canHandle() {

this.redirector = redirector;
this.redirector = redirector;
}

@@ -221,2 +229,3 @@ async canHandle(userId, options) {

this.storageUtility = storageUtility;
this.storageUtility = storageUtility;
}

@@ -357,2 +366,7 @@ update(_sessionId, _options) {

};
this.loginHandler = loginHandler;
this.redirectHandler = redirectHandler;
this.logoutHandler = logoutHandler;
this.sessionInfoManager = sessionInfoManager;
this.issuerConfigFetcher = issuerConfigFetcher;
}

@@ -408,2 +422,4 @@ }

this.insecureStorage = insecureStorage;
this.secureStorage = secureStorage;
this.insecureStorage = insecureStorage;
}

@@ -410,0 +426,0 @@ getKey(userId) {

@@ -12,2 +12,4 @@ 'use strict';

this.insecureStorage = insecureStorage;
this.secureStorage = secureStorage;
this.insecureStorage = insecureStorage;
}

@@ -14,0 +16,0 @@ getKey(userId) {

8

package.json
{
"name": "@inrupt/solid-client-authn-core",
"version": "1.17.1",
"version": "1.17.2",
"license": "MIT",

@@ -41,3 +41,3 @@ "main": "dist/index.js",

"events": "^3.3.0",
"jose": "^4.10.0",
"jose": "^4.14.6",
"uuid": "^9.0.0"

@@ -49,3 +49,3 @@ },

"engines": {
"node": "^14.0.0 || ^16.0.0 || ^18.0.0 || ^20.0.0"
"node": "^16.0.0 || ^18.0.0 || ^20.0.0"
},

@@ -55,3 +55,3 @@ "devDependencies": {

},
"gitHead": "0c27ce0ae0da67838526a538adc78b2f96f9b96b"
"gitHead": "5818a79b875812ca93235fca64c65d2ba5b59fc3"
}
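Review bot: The `engines.node` range drops `^14.0.0` in a release whose version field moves only from 1.17.1 to 1.17.2, so Node 14 consumers lose declared support in a patch bump. Installs that enforce the engines field would start failing on an update that a semver range like `^1.17.1` resolves automatically. I would either ship the engine change in a minor release or call it out explicitly in the release notes. The `jose` floor also moves from `^4.10.0` to `^4.14.6`; the page does not say why, and if the bump is meant to pick up a fix, the release notes should say so.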

@@ -61,3 +61,3 @@ //

"GET",
await mockKeyPair()
await mockKeyPair(),
);

@@ -75,3 +75,3 @@ const { payload } = await jwtVerify(header, (await mockJwk()).publicKey);

"GET",
await mockKeyPair()
await mockKeyPair(),
);

@@ -89,9 +89,7 @@ const { payload } = await jwtVerify(header, (await mockJwk()).publicKey);

"GET",
await mockKeyPair()
await mockKeyPair(),
);
const { protectedHeader } = await jwtVerify(
header,
(
await mockJwk()
).publicKey
(await mockJwk()).publicKey,
);

@@ -98,0 +96,0 @@ expect(protectedHeader.alg).toBe("ES256");

@@ -56,3 +56,3 @@ //

method: string,
dpopKey: KeyPair
dpopKey: KeyPair,
): Promise<string> {

@@ -75,3 +75,3 @@ return new SignJWT({

const { privateKey, publicKey } = await generateKeyPair(
PREFERRED_SIGNING_ALG[0]
PREFERRED_SIGNING_ALG[0],
);

@@ -78,0 +78,0 @@ const dpopKeyPair = {

@@ -114,6 +114,7 @@ //

// FIXME: Should just use fake timers, but that chokes on recursive calls.
const handle = spyTimeout.mock.results[spyTimeout.mock.results.length - 1];
if (handle !== undefined) {
(handle.value as ReturnType<typeof setTimeout>).unref();
}
spyTimeout.mock.results.forEach((handle) => {
if (handle !== undefined) {
clearTimeout(handle.value as number);
}
});
});

@@ -126,3 +127,3 @@

}),
"https://my.pod/resource"
"https://my.pod/resource",
);

@@ -153,5 +154,3 @@ const keylikePair = await mockJwk();

headers.get("DPoP") as string,
(
await mockJwk()
).publicKey
(await mockJwk()).publicKey,
);

@@ -166,3 +165,3 @@ expect(decodedHeader.payload).toMatchObject({

mockNotRedirectedResponse(),
"https://my.pod/resource"
"https://my.pod/resource",
);

@@ -180,5 +179,3 @@

headers.get("DPoP") as string,
(
await mockKeyPair()
).privateKey
(await mockKeyPair()).privateKey,
);

@@ -192,3 +189,3 @@ expect(payload.htu).toBe("http://some.url/");

new Response(undefined, { status: 401 }),
"https://my.pod/resource"
"https://my.pod/resource",
);

@@ -198,3 +195,3 @@ const myFetch = await buildAuthenticatedFetch(

"myToken",
undefined
undefined,
);

@@ -210,3 +207,3 @@ await myFetch("https://my.pod/resource");

new Response(undefined, { status: 403 }),
"https://my.pod/container/"
"https://my.pod/container/",
);

@@ -229,5 +226,3 @@ // Redirects once

headers.get("DPoP") as string,
(
await mockKeyPair()
).privateKey
(await mockKeyPair()).privateKey,
);

@@ -240,3 +235,3 @@ expect(payload.htu).toBe("https://my.pod/container/");

new Response(undefined, { status: 403 }),
"https://my.pod/container/"
"https://my.pod/container/",
);

@@ -254,3 +249,3 @@

mockNotRedirectedResponse(),
"https://my.pod/container/"
"https://my.pod/container/",
);

@@ -260,3 +255,3 @@ const myFetch = await buildAuthenticatedFetch(

"myToken",
undefined
undefined,
);

@@ -274,3 +269,3 @@ await myFetch("someUrl", { headers: { someHeader: "SomeValue" } });

mockNotRedirectedResponse(),
"https://my.pod/container/"
"https://my.pod/container/",
);

@@ -280,3 +275,3 @@ const myFetch = await buildAuthenticatedFetch(

"myToken",
undefined
undefined,
);

@@ -296,3 +291,3 @@ await myFetch("someUrl", {

mockNotRedirectedResponse(),
"https://my.pod/container/"
"https://my.pod/container/",
);

@@ -317,3 +312,3 @@

new Response(undefined, { status: 400 }),
"https://my.pod/container/"
"https://my.pod/container/",
);

@@ -333,3 +328,3 @@

new Response(undefined, { status: 401 }),
"https://my.pod/container/"
"https://my.pod/container/",
);

@@ -365,3 +360,3 @@ const myFetch = await buildAuthenticatedFetch(mockedFetch, "myToken", {

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -393,3 +388,3 @@ const mockRefresher = mockDefaultTokenRefresher();

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -408,3 +403,3 @@ const mockRefresher = mockDefaultTokenRefresher();

expect.any(Function),
DEFAULT_EXPIRATION_TIME_SECONDS * 1000
DEFAULT_EXPIRATION_TIME_SECONDS * 1000,
);

@@ -415,3 +410,3 @@ });

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -457,3 +452,3 @@ const keylikePair = await mockJwk();

publicKey: await exportJWK(keylikePair.publicKey),
}
},
);

@@ -464,3 +459,3 @@ });

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -474,2 +469,4 @@ const mockRefresher = mockTokenRefresher({

const mockedEmitter = new EventEmitter();
// const handles: ReturnType<typeof setTimeout>[] = [];
// mockedEmitter.on(EVENTS.TIMEOUT_SET, (handle) => {handles.push(handle); console.log("timeout set")});
const spiedEmit = jest.spyOn(mockedEmitter, "emit");

@@ -494,8 +491,9 @@ await buildAuthenticatedFetch(mockedFetch, "myToken", {

// 2000 is 7 - 5, which is the number of seconds before refreshing, converted to ms.
2 * 1000
2 * 1000,
);
expect(spiedEmit).toHaveBeenCalledWith(
EVENTS.TIMEOUT_SET,
expect.anything()
expect.anything(),
);
// handles.forEach((handle) => { console.log("clearing handle"); clearTimeout(handle)});
});

@@ -505,3 +503,3 @@

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -529,3 +527,3 @@ const mockRefresher = mockTokenRefresher({

expect.any(Function),
DEFAULT_EXPIRATION_TIME_SECONDS * 1000
DEFAULT_EXPIRATION_TIME_SECONDS * 1000,
);

@@ -536,3 +534,3 @@ });

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -561,3 +559,3 @@ const tokenSet = mockDefaultTokenSet();

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -581,3 +579,3 @@ const tokenSet = mockDefaultTokenSet();

EVENTS.NEW_REFRESH_TOKEN,
"some rotated refresh token"
"some rotated refresh token",
);

@@ -588,3 +586,3 @@ });

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -623,3 +621,3 @@ // Mocks a refresher which refreshes only once to prevent re-scheduling timeouts.

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -637,4 +635,4 @@ const mockedFreshener = mockTokenRefresher(mockDefaultTokenSet());

"error_identifier",
"Some error description"
)
"Some error description",
),
) as any;

@@ -659,3 +657,3 @@ const mockEmitter = new EventEmitter();

EVENTS.TIMEOUT_SET,
expect.anything()
expect.anything(),
);

@@ -666,3 +664,3 @@ expect(spiedEmit).toHaveBeenCalledWith(EVENTS.SESSION_EXPIRED);

"error_identifier",
"Some error description"
"Some error description",
);

@@ -673,3 +671,3 @@ });

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -700,3 +698,3 @@ const mockedFreshener = mockTokenRefresher(mockDefaultTokenSet());

EVENTS.TIMEOUT_SET,
expect.anything()
expect.anything(),
);

@@ -708,3 +706,3 @@ expect(spiedEmit).toHaveBeenCalledWith(EVENTS.SESSION_EXPIRED);

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -731,3 +729,3 @@ const mockedFreshener = mockTokenRefresher(mockDefaultTokenSet());

EVENTS.TIMEOUT_SET,
expect.anything()
expect.anything(),
);

@@ -739,3 +737,3 @@ expect(spiedEmit).toHaveBeenCalledWith(EVENTS.SESSION_EXPIRED);

const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;

@@ -742,0 +740,0 @@ const spyTimeout = jest.spyOn(global, "setTimeout");
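Review bot: In the rewritten timer cleanup, `handle !== undefined` tests the mock result record itself, which `forEach` never yields as undefined, so the guard no longer protects anything. It was meaningful only for the removed `results[results.length - 1]` lookup, which could miss on an empty array. The new call also casts `handle.value as number` where the removed code used `ReturnType<typeof setTimeout>`; keeping that type, `clearTimeout(handle.value as ReturnType<typeof setTimeout>);`, avoids asserting a numeric handle the runtime may not return. The commented-out `handles` lines added later in this file (the ones containing `console.log`) look like leftover debugging and could be dropped. The enclosing cleanup callback starts outside the hunk.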

@@ -62,3 +62,3 @@ //

dpopKey: KeyPair,
defaultOptions?: RequestInit
defaultOptions?: RequestInit,
): Promise<RequestInit> {

@@ -70,3 +70,3 @@ const headers = new Headers(defaultOptions?.headers);

"DPoP",
await createDpopHeader(targetUrl, defaultOptions?.method ?? "get", dpopKey)
await createDpopHeader(targetUrl, defaultOptions?.method ?? "get", dpopKey),
);

@@ -83,3 +83,3 @@ return {

dpopKey?: KeyPair,
defaultOptions?: RequestInit
defaultOptions?: RequestInit,
): Promise<RequestInit> {

@@ -103,3 +103,3 @@ if (dpopKey !== undefined) {

defaultRequestInit?: RequestInit,
dpopKey?: KeyPair
dpopKey?: KeyPair,
) {

@@ -112,4 +112,4 @@ return unauthFetch(

dpopKey,
defaultRequestInit
)
defaultRequestInit,
),
);

@@ -121,3 +121,3 @@ }

dpopKey?: KeyPair,
eventEmitter?: EventEmitter
eventEmitter?: EventEmitter,
): Promise<{ accessToken: string; refreshToken?: string; expiresIn?: number }> {

@@ -127,7 +127,7 @@ const tokenSet = await refreshOptions.tokenRefresher.refresh(

refreshOptions.refreshToken,
dpopKey
dpopKey,
);
eventEmitter?.emit(
EVENTS.SESSION_EXTENDED,
tokenSet.expiresIn ?? DEFAULT_EXPIRATION_TIME_SECONDS
tokenSet.expiresIn ?? DEFAULT_EXPIRATION_TIME_SECONDS,
);

@@ -176,3 +176,3 @@ if (typeof tokenSet.refreshToken === "string") {

eventEmitter?: EventEmitter;
}
},
): Promise<typeof fetch> {

@@ -199,3 +199,3 @@ let currentAccessToken = accessToken;

// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
options!.eventEmitter
options!.eventEmitter,
);

@@ -212,3 +212,3 @@ // Update the tokens in the closure if appropriate.

proactivelyRefreshToken,
computeRefreshDelay(expiresIn) * 1000
computeRefreshDelay(expiresIn) * 1000,
);

@@ -231,3 +231,3 @@ // If currentRefreshOptions is defined, options is necessarily defined too.

e.error,
e.errorDescription
e.errorDescription,
);

@@ -256,3 +256,3 @@ /* istanbul ignore next 100% coverage would require testing that nothing

// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
computeRefreshDelay(options!.expiresIn) * 1000
computeRefreshDelay(options!.expiresIn) * 1000,
);

@@ -263,8 +263,11 @@ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion

// If no refresh options are provided, the session expires when the access token does.
const expirationTimeout = setTimeout(() => {
// The event emitter is always defined in our code, and it would be tedious
// to test for conditions when it is not.
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
options.eventEmitter!.emit(EVENTS.SESSION_EXPIRED);
}, computeRefreshDelay(options.expiresIn) * 1000);
const expirationTimeout = setTimeout(
() => {
// The event emitter is always defined in our code, and it would be tedious
// to test for conditions when it is not.
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
options.eventEmitter!.emit(EVENTS.SESSION_EXPIRED);
},
computeRefreshDelay(options.expiresIn) * 1000,
);
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion

@@ -279,3 +282,3 @@ options.eventEmitter!.emit(EVENTS.TIMEOUT_SET, expirationTimeout);

requestInit,
options?.dpopKey
options?.dpopKey,
);

@@ -303,3 +306,3 @@

requestInit,
options.dpopKey
options.dpopKey,
);

@@ -306,0 +309,0 @@ }

@@ -55,4 +55,10 @@ //

protected sessionInfoManager: ISessionInfoManager,
protected issuerConfigFetcher?: IIssuerConfigFetcher
) {}
protected issuerConfigFetcher?: IIssuerConfigFetcher,
) {
this.loginHandler = loginHandler;
this.redirectHandler = redirectHandler;
this.logoutHandler = logoutHandler;
this.sessionInfoManager = sessionInfoManager;
this.issuerConfigFetcher = issuerConfigFetcher;
}

@@ -64,3 +70,3 @@ // By default, our fetch() resolves to the environment fetch() function.

sessionId: string,
options?: ILogoutOptions
options?: ILogoutOptions,
): Promise<void> => {

@@ -78,3 +84,3 @@ // When doing IDP logout this will redirect away from the current page, so we should not expect

}
: options
: options,
);

@@ -91,3 +97,3 @@

getSessionInfo = async (
sessionId: string
sessionId: string,
): Promise<(ISessionInfo & ISessionInternalInfo) | undefined> => {

@@ -94,0 +100,0 @@ // TODO complete
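Review bot: The constructor body added in the first hunk re-assigns fields that the `protected` parameter properties already assign, so in TypeScript the five `this.x = x;` lines are redundant. The compiled dist/index.js appears to show the resulting duplicate assignments. If this works around a build or class-field emit setting, that reason is not visible on the page; a one-line comment such as `// Explicit assignment kept for <build setting>; do not remove as redundant.` would stop a later cleanup from undoing it. The same pattern is added to the constructor taking `storageUtility` and `redirector`, and to the `GeneralLogoutHandler`, `IRpLogoutHandler` and `SessionInfoManagerBase` constructors.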

@@ -58,3 +58,3 @@ //

export const DEFAULT_SCOPES = [SCOPE_OPENID, SCOPE_OFFLINE, SCOPE_WEBID].join(
" "
" ",
);

@@ -41,5 +41,5 @@ //

super(
`Invalid response from OIDC provider: missing fields ${missingFields}`
`Invalid response from OIDC provider: missing fields ${missingFields}`,
);
}
}

@@ -42,3 +42,3 @@ //

public readonly error: string,
public readonly errorDescription?: string
public readonly errorDescription?: string,
) {

@@ -45,0 +45,0 @@ super(message);

@@ -35,3 +35,3 @@ //

fetch: jest.fn(globalThis.fetch),
})
}),
);

@@ -38,0 +38,0 @@

@@ -26,3 +26,3 @@ //

export function mockIssuerConfigFetcher(
config: IIssuerConfig
config: IIssuerConfig,
): IIssuerConfigFetcher {

@@ -29,0 +29,0 @@ return {

@@ -41,3 +41,3 @@ //

jest.fn() as unknown as IStorageUtility,
clientRegistrar as IClientRegistrar
clientRegistrar as IClientRegistrar,
);

@@ -59,3 +59,3 @@ expect(clientRegistrar.getClient).toHaveBeenCalled();

jest.fn() as unknown as IStorageUtility,
clientRegistrar as IClientRegistrar
clientRegistrar as IClientRegistrar,
);

@@ -83,3 +83,3 @@ expect(clientRegistrar.getClient).toHaveBeenCalled();

storageUtility,
clientRegistrar as IClientRegistrar
clientRegistrar as IClientRegistrar,
);

@@ -111,3 +111,3 @@ expect(clientRegistrar.getClient).not.toHaveBeenCalled();

storageUtility,
clientRegistrar as IClientRegistrar
clientRegistrar as IClientRegistrar,
);

@@ -123,6 +123,6 @@ expect(clientRegistrar.getClient).not.toHaveBeenCalled();

expect(
determineSigningAlg(["ES256", "HS256", "RS256"], ["ES256", "RS256"])
determineSigningAlg(["ES256", "HS256", "RS256"], ["ES256", "RS256"]),
).toBe("ES256");
expect(determineSigningAlg(["ES256", "HS256", "RS256"], ["RS256"])).toBe(
"RS256"
"RS256",
);

@@ -129,0 +129,0 @@ expect(determineSigningAlg(["RS256"], ["RS256"])).toBe("RS256");

@@ -44,3 +44,3 @@ //

options: IClientRegistrarOptions,
issuerConfig: IIssuerConfig
issuerConfig: IIssuerConfig,
): Promise<IClient>;

@@ -63,3 +63,3 @@ }

supported: string[],
preferred: string[]
preferred: string[],
): string | null {

@@ -75,3 +75,3 @@ return (

options: ILoginOptions,
issuerConfig: IIssuerConfig
issuerConfig: IIssuerConfig,
): ClientType {

@@ -99,3 +99,3 @@ if (options.clientId !== undefined && !isValidUrl(options.clientId)) {

storageUtility: IStorageUtility,
clientRegistrar: IClientRegistrar
clientRegistrar: IClientRegistrar,
): Promise<IClient> {

@@ -110,3 +110,3 @@ const clientType = determineClientType(options, issuerConfig);

},
issuerConfig
issuerConfig,
);

@@ -113,0 +113,0 @@ }

@@ -38,4 +38,7 @@ //

protected storageUtility: IStorageUtility,
protected redirector: IRedirector
) {}
protected redirector: IRedirector,
) {
this.storageUtility = storageUtility;
this.redirector = redirector;
}

@@ -46,3 +49,3 @@ async canHandle(oidcLoginOptions: IOidcOptions): Promise<boolean> {

oidcLoginOptions.issuerConfiguration.grantTypesSupported.indexOf(
"authorization_code"
"authorization_code",
) > -1

@@ -49,0 +52,0 @@ );

@@ -32,3 +32,3 @@ //

export const mockTokenRefresher = (
tokenSet: TokenEndpointResponse
tokenSet: TokenEndpointResponse,
): ITokenRefresher => {

@@ -35,0 +35,0 @@ return {

@@ -72,4 +72,4 @@ //

dpopKey?: KeyPair,
eventEmitter?: EventEmitter
eventEmitter?: EventEmitter,
): Promise<TokenEndpointResponse>;
}

@@ -32,3 +32,3 @@ //

expect(
isValidRedirectUrl("https://example.org/redirect#some-fragment")
isValidRedirectUrl("https://example.org/redirect#some-fragment"),
).toBe(false);

@@ -42,6 +42,6 @@ });

isValidRedirectUrl(
"https://example.org/?param=value&otherParam=otherValue"
)
"https://example.org/?param=value&otherParam=otherValue",
),
).toBe(true);
});
});

@@ -26,5 +26,9 @@ //

const urlObject = new URL(redirectUrl);
const noReservedQuery =
!urlObject.searchParams.has("code") &&
!urlObject.searchParams.has("state");
// As per https://tools.ietf.org/html/rfc6749#section-3.1.2, the redirect URL
// must not include a hash fragment.
return urlObject.hash === "";
const noHash = urlObject.hash === "";
return noReservedQuery && noHash;
} catch (e) {

@@ -31,0 +35,0 @@ return false;
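Review bot: The new `noReservedQuery` check has no comment saying why `code` and `state` are reserved, while the fragment rule beside it cites RFC 6749. I would add above it `// "code" and "state" are set by the authorization server on the redirect back (RFC 6749 section 4.1.2), so a redirect URL that already carries them is rejected.` The check covers only those two names; whether other authorization-response parameters such as `error` should be reserved too depends on how the redirect handler reads the URL, which is not visible here. The test hunks shown for this function only reformat existing cases, so a case asserting `false` for a URL containing `?code=` or `?state=` may be missing and is worth confirming. The function starts and ends outside the hunk.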

@@ -30,3 +30,3 @@ //

export const mockLogoutHandler = (
storageUtility: IStorageUtility
storageUtility: IStorageUtility,
): ILogoutHandler => {

@@ -33,0 +33,0 @@ return {

@@ -32,6 +32,6 @@ //

function getInitialisedHandler(
mocks: Partial<typeof defaultMocks> = defaultMocks
mocks: Partial<typeof defaultMocks> = defaultMocks,
): LogoutHandler {
return new LogoutHandler(
mocks.sessionManager ?? defaultMocks.sessionManager
mocks.sessionManager ?? defaultMocks.sessionManager,
);

@@ -55,3 +55,3 @@ }

{ someKey: "someValue" },
{ secure: true }
{ secure: true },
);

@@ -63,10 +63,10 @@ const logoutHandler = getInitialisedHandler({

await expect(
nonEmptyStorage.getForUser("someUser", "someKey", { secure: true })
nonEmptyStorage.getForUser("someUser", "someKey", { secure: true }),
).resolves.toBeUndefined();
await expect(
nonEmptyStorage.getForUser("someUser", "someKey", { secure: false })
nonEmptyStorage.getForUser("someUser", "someKey", { secure: false }),
).resolves.toBeUndefined();
// This test is only necessary until the key is stored safely
await expect(
nonEmptyStorage.get("clientKey", { secure: false })
nonEmptyStorage.get("clientKey", { secure: false }),
).resolves.toBeUndefined();

@@ -73,0 +73,0 @@ });

@@ -34,3 +34,5 @@ //

export default class GeneralLogoutHandler implements ILogoutHandler {
constructor(private sessionInfoManager: ISessionInfoManager) {}
constructor(private sessionInfoManager: ISessionInfoManager) {
this.sessionInfoManager = sessionInfoManager;
}

@@ -37,0 +39,0 @@ async canHandle(): Promise<boolean> {

@@ -34,3 +34,10 @@ //

/**
* The URL to redirect back to when RP initiated logout is completed.
* An optional URL to redirect to after idp logout has completed;
* this MUST match a logout URL listed in the
* [Client ID Document](https://docs.inrupt.com/ess/latest/security/authentication/#client-identifier-client-id)
* of the application that is logged in.
*
* If the application is logged in with a Client ID that is not
* a URI dereferencing to a Client ID Document then users will
* not be redirected back to the `postLogoutUrl` after logout.
*/

@@ -37,0 +44,0 @@ postLogoutUrl?: string | undefined;

@@ -33,3 +33,3 @@ //

sessionInfoManager: ISessionInfoManager,
redirector: IRedirector
redirector: IRedirector,
) {

@@ -48,3 +48,3 @@ this.handlers = [

userId: string,
options?: ILogoutHandlerOptions | undefined
options?: ILogoutHandlerOptions | undefined,
): Promise<void> {

@@ -51,0 +51,0 @@ for (const handler of this.handlers) {

@@ -38,6 +38,6 @@ //

await expect(
logoutHandler.canHandle("session", { logoutType: "idp" })
logoutHandler.canHandle("session", { logoutType: "idp" }),
).resolves.toBe(true);
await expect(
logoutHandler.canHandle("session", { logoutType: "app" })
logoutHandler.canHandle("session", { logoutType: "app" }),
).resolves.toBe(false);

@@ -51,3 +51,3 @@ await expect(logoutHandler.canHandle("session")).resolves.toBe(false);

},
})
}),
).resolves.toBe(true);

@@ -68,3 +68,3 @@ });

await expect(
logoutHandler.handle("session", { logoutType: "app" })
logoutHandler.handle("session", { logoutType: "app" }),
).rejects.toThrow();

@@ -80,3 +80,3 @@ });

toLogoutUrl: () => "myFixedString",
})
}),
).rejects.toThrow();

@@ -89,3 +89,3 @@ });

await expect(
logoutHandler.handle("session", { logoutType: "idp" })
logoutHandler.handle("session", { logoutType: "idp" }),
).rejects.toThrow();

@@ -101,3 +101,3 @@ });

toLogoutUrl: undefined,
})
}),
).rejects.toThrow();

@@ -114,3 +114,3 @@ });

toLogoutUrl: () => "myFixedString",
})
}),
).resolves.toBeUndefined();

@@ -131,3 +131,3 @@ expect(fn).toHaveBeenCalledWith("myFixedString", {

postLogoutUrl: "prefix",
})
}),
).resolves.toBeUndefined();

@@ -149,3 +149,3 @@ expect(fn).toHaveBeenCalledWith("prefix-myFixedString", {

postLogoutUrl: "prefix",
})
}),
).resolves.toBeUndefined();

@@ -171,3 +171,3 @@ expect(fn).toHaveBeenCalledWith("prefix-s-myFixedString", {

postLogoutUrl: "https://example.org/app/logout/url",
})
}),
).resolves.toBeUndefined();

@@ -178,3 +178,3 @@ expect(fn).toHaveBeenCalledWith(

handleRedirect: undefined,
}
},
);

@@ -196,3 +196,3 @@ });

state: "s",
})
}),
).resolves.toBeUndefined();

@@ -203,3 +203,3 @@ expect(fn).toHaveBeenCalledWith(

handleRedirect: undefined,
}
},
);

@@ -206,0 +206,0 @@ });

@@ -26,7 +26,9 @@ //

export default class IRpLogoutHandler implements ILogoutHandler {
constructor(protected redirector: IRedirector) {}
constructor(protected redirector: IRedirector) {
this.redirector = redirector;
}
async canHandle(
userId: string,
options?: ILogoutHandlerOptions | undefined
options?: ILogoutHandlerOptions | undefined,
): Promise<boolean> {

@@ -38,7 +40,7 @@ return options?.logoutType === "idp";

userId: string,
options?: ILogoutHandlerOptions | undefined
options?: ILogoutHandlerOptions | undefined,
): Promise<void> {
if (options?.logoutType !== "idp") {
throw new Error(
"Attempting to call idp logout handler to perform app logout"
"Attempting to call idp logout handler to perform app logout",
);

@@ -49,3 +51,3 @@ }

throw new Error(
"Cannot perform IDP logout. Did you log in using the OIDC authentication flow?"
"Cannot perform IDP logout. Did you log in using the OIDC authentication flow?",
);

@@ -52,0 +54,0 @@ }

@@ -69,3 +69,3 @@ //

eventName: LOGIN_ARGS["eventName"],
listener: LOGIN_ARGS["listener"]
listener: LOGIN_ARGS["listener"],
): this;

@@ -79,3 +79,3 @@ /**

eventName: LOGOUT_ARGS["eventName"],
listener: LOGOUT_ARGS["listener"]
listener: LOGOUT_ARGS["listener"],
): this;

@@ -89,3 +89,3 @@ /**

eventName: SESSION_EXPIRED_ARGS["eventName"],
listener: SESSION_EXPIRED_ARGS["listener"]
listener: SESSION_EXPIRED_ARGS["listener"],
): this;

@@ -99,3 +99,3 @@ /**

eventName: SESSION_RESTORED_ARGS["eventName"],
listener: SESSION_RESTORED_ARGS["listener"]
listener: SESSION_RESTORED_ARGS["listener"],
): this;

@@ -109,3 +109,3 @@ /**

eventName: ERROR_ARGS["eventName"],
listener: ERROR_ARGS["listener"]
listener: ERROR_ARGS["listener"],
): this;

@@ -119,3 +119,3 @@ /**

eventName: SESSION_EXTENDED_ARGS["eventName"],
listener: SESSION_EXTENDED_ARGS["listener"]
listener: SESSION_EXTENDED_ARGS["listener"],
): this;

@@ -130,3 +130,3 @@ /**

eventName: TIMEOUT_SET_ARGS["eventName"],
listener: TIMEOUT_SET_ARGS["listener"]
listener: TIMEOUT_SET_ARGS["listener"],
): this;

@@ -140,3 +140,3 @@ /**

eventName: NEW_REFRESH_TOKEN_ARGS["eventName"],
listener: NEW_REFRESH_TOKEN_ARGS["listener"]
listener: NEW_REFRESH_TOKEN_ARGS["listener"],
): this;

@@ -149,3 +149,3 @@ /**

eventName: FALLBACK_ARGS["eventName"],
listener: FALLBACK_ARGS["listener"]
listener: FALLBACK_ARGS["listener"],
): this;

@@ -160,3 +160,3 @@

eventName: LOGIN_ARGS["eventName"],
listener: LOGIN_ARGS["listener"]
listener: LOGIN_ARGS["listener"],
): this;

@@ -170,3 +170,3 @@ /**

eventName: LOGOUT_ARGS["eventName"],
listener: LOGOUT_ARGS["listener"]
listener: LOGOUT_ARGS["listener"],
): this;

@@ -180,3 +180,3 @@ /**

eventName: SESSION_EXPIRED_ARGS["eventName"],
listener: SESSION_EXPIRED_ARGS["listener"]
listener: SESSION_EXPIRED_ARGS["listener"],
): this;

@@ -190,3 +190,3 @@ /**

eventName: SESSION_RESTORED_ARGS["eventName"],
listener: SESSION_RESTORED_ARGS["listener"]
listener: SESSION_RESTORED_ARGS["listener"],
): this;

@@ -200,3 +200,3 @@ /**

eventName: ERROR_ARGS["eventName"],
listener: ERROR_ARGS["listener"]
listener: ERROR_ARGS["listener"],
): this;

@@ -210,3 +210,3 @@ /**

eventName: SESSION_EXTENDED_ARGS["eventName"],
listener: SESSION_EXTENDED_ARGS["listener"]
listener: SESSION_EXTENDED_ARGS["listener"],
): this;

@@ -221,3 +221,3 @@ /**

eventName: TIMEOUT_SET_ARGS["eventName"],
listener: TIMEOUT_SET_ARGS["listener"]
listener: TIMEOUT_SET_ARGS["listener"],
): this;

@@ -231,3 +231,3 @@ /**

eventName: NEW_REFRESH_TOKEN_ARGS["eventName"],
listener: NEW_REFRESH_TOKEN_ARGS["listener"]
listener: NEW_REFRESH_TOKEN_ARGS["listener"],
): this;

@@ -240,3 +240,3 @@ /**

eventName: FALLBACK_ARGS["eventName"],
listener: FALLBACK_ARGS["listener"]
listener: FALLBACK_ARGS["listener"],
): this;

@@ -251,3 +251,3 @@

eventName: LOGIN_ARGS["eventName"],
listener: LOGIN_ARGS["listener"]
listener: LOGIN_ARGS["listener"],
): this;

@@ -261,3 +261,3 @@ /**

eventName: LOGOUT_ARGS["eventName"],
listener: LOGOUT_ARGS["listener"]
listener: LOGOUT_ARGS["listener"],
): this;

@@ -271,3 +271,3 @@ /**

eventName: SESSION_EXPIRED_ARGS["eventName"],
listener: SESSION_EXPIRED_ARGS["listener"]
listener: SESSION_EXPIRED_ARGS["listener"],
): this;

@@ -281,3 +281,3 @@ /**

eventName: SESSION_RESTORED_ARGS["eventName"],
listener: SESSION_RESTORED_ARGS["listener"]
listener: SESSION_RESTORED_ARGS["listener"],
): this;

@@ -291,3 +291,3 @@ /**

eventName: ERROR_ARGS["eventName"],
listener: ERROR_ARGS["listener"]
listener: ERROR_ARGS["listener"],
): this;

@@ -301,3 +301,3 @@ /**

eventName: SESSION_EXTENDED_ARGS["eventName"],
listener: SESSION_EXTENDED_ARGS["listener"]
listener: SESSION_EXTENDED_ARGS["listener"],
): this;

@@ -312,3 +312,3 @@ /**

eventName: TIMEOUT_SET_ARGS["eventName"],
listener: TIMEOUT_SET_ARGS["listener"]
listener: TIMEOUT_SET_ARGS["listener"],
): this;

@@ -323,3 +323,3 @@ /**

eventName: NEW_REFRESH_TOKEN_ARGS["eventName"],
listener: NEW_REFRESH_TOKEN_ARGS["listener"]
listener: NEW_REFRESH_TOKEN_ARGS["listener"],
): this;

@@ -332,3 +332,3 @@ /**

eventName: FALLBACK_ARGS["eventName"],
listener: FALLBACK_ARGS["listener"]
listener: FALLBACK_ARGS["listener"],
): this;

@@ -343,3 +343,3 @@

eventName: LOGIN_ARGS["eventName"],
listener: LOGIN_ARGS["listener"]
listener: LOGIN_ARGS["listener"],
): this;

@@ -353,3 +353,3 @@ /**

eventName: LOGOUT_ARGS["eventName"],
listener: LOGOUT_ARGS["listener"]
listener: LOGOUT_ARGS["listener"],
): this;

@@ -363,3 +363,3 @@ /**

eventName: SESSION_EXPIRED_ARGS["eventName"],
listener: SESSION_EXPIRED_ARGS["listener"]
listener: SESSION_EXPIRED_ARGS["listener"],
): this;

@@ -373,3 +373,3 @@ /**

eventName: SESSION_RESTORED_ARGS["eventName"],
listener: SESSION_RESTORED_ARGS["listener"]
listener: SESSION_RESTORED_ARGS["listener"],
): this;

@@ -383,3 +383,3 @@ /**

eventName: ERROR_ARGS["eventName"],
listener: ERROR_ARGS["listener"]
listener: ERROR_ARGS["listener"],
): this;

@@ -393,3 +393,3 @@ /**

eventName: SESSION_EXTENDED_ARGS["eventName"],
listener: SESSION_EXTENDED_ARGS["listener"]
listener: SESSION_EXTENDED_ARGS["listener"],
): this;

@@ -403,3 +403,3 @@ /**

eventName: TIMEOUT_SET_ARGS["eventName"],
listener: TIMEOUT_SET_ARGS["listener"]
listener: TIMEOUT_SET_ARGS["listener"],
): this;

@@ -413,3 +413,3 @@ /**

eventName: NEW_REFRESH_TOKEN_ARGS["eventName"],
listener: NEW_REFRESH_TOKEN_ARGS["listener"]
listener: NEW_REFRESH_TOKEN_ARGS["listener"],
): this;

@@ -422,3 +422,3 @@ /**

eventName: FALLBACK_ARGS["eventName"],
listener: FALLBACK_ARGS["listener"]
listener: FALLBACK_ARGS["listener"],
): this;

@@ -433,3 +433,3 @@

eventName: LOGIN_ARGS["eventName"],
listener: LOGIN_ARGS["listener"]
listener: LOGIN_ARGS["listener"],
): this;

@@ -443,3 +443,3 @@ /**

eventName: LOGOUT_ARGS["eventName"],
listener: LOGOUT_ARGS["listener"]
listener: LOGOUT_ARGS["listener"],
): this;

@@ -453,3 +453,3 @@ /**

eventName: SESSION_EXPIRED_ARGS["eventName"],
listener: SESSION_EXPIRED_ARGS["listener"]
listener: SESSION_EXPIRED_ARGS["listener"],
): this;

@@ -463,3 +463,3 @@ /**

eventName: SESSION_RESTORED_ARGS["eventName"],
listener: SESSION_RESTORED_ARGS["listener"]
listener: SESSION_RESTORED_ARGS["listener"],
): this;

@@ -473,3 +473,3 @@ /**

eventName: ERROR_ARGS["eventName"],
listener: ERROR_ARGS["listener"]
listener: ERROR_ARGS["listener"],
): this;

@@ -483,3 +483,3 @@ /**

eventName: SESSION_EXTENDED_ARGS["eventName"],
listener: SESSION_EXTENDED_ARGS["listener"]
listener: SESSION_EXTENDED_ARGS["listener"],
): this;

@@ -493,3 +493,3 @@ /**

eventName: TIMEOUT_SET_ARGS["eventName"],
listener: TIMEOUT_SET_ARGS["listener"]
listener: TIMEOUT_SET_ARGS["listener"],
): this;

@@ -503,3 +503,3 @@ /**

eventName: NEW_REFRESH_TOKEN_ARGS["eventName"],
listener: NEW_REFRESH_TOKEN_ARGS["listener"]
listener: NEW_REFRESH_TOKEN_ARGS["listener"],
): this;

@@ -512,3 +512,3 @@ /**

eventName: FALLBACK_ARGS["eventName"],
listener: FALLBACK_ARGS["listener"]
listener: FALLBACK_ARGS["listener"],
): this;

@@ -531,3 +531,3 @@

toExclude: any,
errorMessage: string
errorMessage: string,
) => ({

@@ -534,0 +534,0 @@ // This proxy is only a temporary measure until Session no longer extends

@@ -37,5 +37,5 @@ //

export function mockSessionInfoManager(
storageUtility: IStorageUtility
storageUtility: IStorageUtility,
): ISessionInfoManager {
return new SessionInfoManager(storageUtility);
}

@@ -91,5 +91,5 @@ //

export function isSupportedTokenType(
token: string | "DPoP" | "Bearer"
token: string | "DPoP" | "Bearer",
): token is "DPoP" | "Bearer" {
return typeof token === "string" && ["DPoP", "Bearer"].includes(token);
}

@@ -47,3 +47,3 @@ //

get(
sessionId: string
sessionId: string,
): Promise<(ISessionInfo & ISessionInternalInfo) | undefined>;

@@ -50,0 +50,0 @@ /**

@@ -54,3 +54,3 @@ //

sessionId: string,
storage: IStorageUtility
storage: IStorageUtility,
): Promise<void> {

@@ -67,7 +67,9 @@ await Promise.all([

export abstract class SessionInfoManagerBase implements ISessionInfoManager {
constructor(protected storageUtility: IStorageUtility) {}
constructor(protected storageUtility: IStorageUtility) {
this.storageUtility = storageUtility;
}
update(
_sessionId: string,
_options: ISessionInfoManagerOptions
_options: ISessionInfoManagerOptions,
): Promise<void> {
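Review bot: The added `this.storageUtility = storageUtility;` repeats what the `protected storageUtility` parameter property already does. The same pattern is added in the `secureStorage`/`insecureStorage` constructor hunk and the `handleables` constructor hunk further down, and the built `dist/index.js` shown earlier on this page now carries each of these assignments twice. If this is a deliberate workaround for a build or lint setting, say so in a comment such as `// explicit assignment kept for <reason>; the parameter property already sets this field`; otherwise `constructor(protected storageUtility: IStorageUtility) {}` is equivalent. The two-storage constructor deserves the most care, because both parameters are `IStorage` and a swapped hand-written assignment would type-check while routing secure values to the insecure store. The class bodies continue outside these hunks.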

@@ -74,0 +76,0 @@ throw new Error("Not Implemented");

@@ -41,3 +41,3 @@ //

key: string,
options?: { errorIfNull?: boolean; secure?: boolean }
options?: { errorIfNull?: boolean; secure?: boolean },
) => StorageUtilityGetResponse,

@@ -47,3 +47,3 @@ setForUser: async (

values: Record<string, string>,
options?: { secure?: boolean }
options?: { secure?: boolean },
) => {

@@ -55,3 +55,3 @@ /* do nothing */

key: string,
options?: { secure?: boolean }
options?: { secure?: boolean },
) => {

@@ -66,3 +66,3 @@ /* do nothing */

export const mockStorage = (
stored: Record<string, string | Record<string, string>>
stored: Record<string, string | Record<string, string>>,
): IStorage => {

@@ -91,3 +91,3 @@ const store = stored;

stored: Record<string, string | Record<string, string>>,
isSecure = false
isSecure = false,
): IStorageUtility => {

@@ -94,0 +94,0 @@ if (isSecure) {

@@ -30,3 +30,3 @@ //

key: string,
options?: { errorIfNull?: boolean; secure?: boolean }
options?: { errorIfNull?: boolean; secure?: boolean },
): Promise<string | undefined>;

@@ -36,3 +36,3 @@ set(

value: string,
options?: { secure?: boolean }
options?: { secure?: boolean },
): Promise<void>;

@@ -43,3 +43,3 @@ delete(key: string, options?: { secure?: boolean }): Promise<void>;

key: string,
options?: { errorIfNull?: boolean; secure?: boolean }
options?: { errorIfNull?: boolean; secure?: boolean },
): Promise<string | undefined>;

@@ -49,3 +49,3 @@ setForUser(

values: Record<string, string>,
options?: { secure?: boolean }
options?: { secure?: boolean },
): Promise<void>;

@@ -55,8 +55,8 @@ deleteForUser(

key: string,
options?: { secure?: boolean }
options?: { secure?: boolean },
): Promise<void>;
deleteAllUserData(
userId: string,
options?: { secure?: boolean }
options?: { secure?: boolean },
): Promise<void>;
}

@@ -46,7 +46,7 @@ //

function getStorageUtility(
mocks: Partial<typeof defaultMocks> = defaultMocks
mocks: Partial<typeof defaultMocks> = defaultMocks,
): StorageUtility {
return new StorageUtility(
mocks.secureStorage ?? defaultMocks.secureStorage,
mocks.insecureStorage ?? defaultMocks.insecureStorage
mocks.insecureStorage ?? defaultMocks.insecureStorage,
);

@@ -88,3 +88,3 @@ }

await expect(
storageUtility.get("key", { errorIfNull: true })
storageUtility.get("key", { errorIfNull: true }),
).rejects.toThrow("[key] is not stored");

@@ -124,7 +124,7 @@ });

await expect(
storageUtility.get(key, { secure: true })
storageUtility.get(key, { secure: true }),
).resolves.toBeUndefined();
await storageUtility.set(key, value, { secure: true });
await expect(storageUtility.get(key, { secure: true })).resolves.toEqual(
value
value,
);

@@ -134,3 +134,3 @@

await expect(
storageUtility.get(key, { secure: true })
storageUtility.get(key, { secure: true }),
).resolves.toBeUndefined();

@@ -146,3 +146,3 @@ });

.mockReturnValue(
"This response deliberately cannot be parsed as JSON!"
"This response deliberately cannot be parsed as JSON!",
) as typeof mockedStorageUtility.get;

@@ -155,3 +155,3 @@ const storageUtility = getStorageUtility({

await expect(
storageUtility.getForUser("irrelevant for this test", "Doesn't matter")
storageUtility.getForUser("irrelevant for this test", "Doesn't matter"),
).rejects.toThrow("cannot be parsed as JSON!");

@@ -163,4 +163,4 @@

"Doesn't matter",
{ secure: true }
)
{ secure: true },
),
).rejects.toThrow("cannot be parsed as JSON!");

@@ -227,3 +227,3 @@ });

await expect(
storageUtility.getForUser(userId, "jackie", { errorIfNull: true })
storageUtility.getForUser(userId, "jackie", { errorIfNull: true }),
).rejects.toThrow(`Field [jackie] for user [${userId}] is not stored`);

@@ -250,3 +250,3 @@ });

`solidClientAuthenticationUser:${userId}`,
'cool: "bleep bloop not parsable"'
'cool: "bleep bloop not parsable"',
);

@@ -279,6 +279,6 @@

await expect(
storageUtility.getForUser(userId, "jackie")
storageUtility.getForUser(userId, "jackie"),
).resolves.toBeUndefined();
await expect(storageUtility.getForUser(userId, "sledge")).resolves.toBe(
"The Dog"
"The Dog",
);

@@ -302,6 +302,6 @@ });

await expect(
storageUtility.getForUser("someUser", "jackie", { secure: true })
storageUtility.getForUser("someUser", "jackie", { secure: true }),
).resolves.toBeUndefined();
await expect(
storageUtility.getForUser("someUser", "sledge", { secure: true })
storageUtility.getForUser("someUser", "sledge", { secure: true }),
).resolves.toBe("The Dog");

@@ -324,3 +324,3 @@ });

await expect(storageUtility.getForUser(userId, "jackie")).resolves.toBe(
"The Cat"
"The Cat",
);

@@ -331,3 +331,3 @@

await expect(
storageUtility.getForUser(userId, "jackie")
storageUtility.getForUser(userId, "jackie"),
).resolves.toBeUndefined();

@@ -348,3 +348,3 @@ });

await expect(
storageUtility.getForUser(userId, "jackie", { secure: true })
storageUtility.getForUser(userId, "jackie", { secure: true }),
).resolves.toBe("The Cat");

@@ -355,3 +355,3 @@

await expect(
storageUtility.getForUser(userId, "jackie", { secure: true })
storageUtility.getForUser(userId, "jackie", { secure: true }),
).resolves.toBeUndefined();

@@ -372,7 +372,7 @@ });

},
false
false,
);
await expect(
getSessionIdFromOauthState(mockedStorage, oauthState)
getSessionIdFromOauthState(mockedStorage, oauthState),
).resolves.toBe(oauthStateValue);

@@ -387,4 +387,4 @@ });

mockedStorage,
"some non-existent 'state' value"
)
"some non-existent 'state' value",
),
).resolves.toBeUndefined();

@@ -408,6 +408,6 @@ });

mockedStorage,
mockIssuerConfigFetcher(mockIssuerConfig())
)
mockIssuerConfigFetcher(mockIssuerConfig()),
),
).rejects.toThrow(
"Failed to retrieve OIDC context from storage associated with session [mySession]"
"Failed to retrieve OIDC context from storage associated with session [mySession]",
);

@@ -429,6 +429,6 @@ });

mockedStorage,
mockIssuerConfigFetcher(mockIssuerConfig())
)
mockIssuerConfigFetcher(mockIssuerConfig()),
),
).rejects.toThrow(
"Failed to retrieve OIDC context from storage associated with session [mySession]"
"Failed to retrieve OIDC context from storage associated with session [mySession]",
);

@@ -451,4 +451,4 @@ });

mockedStorage,
mockIssuerConfigFetcher(mockIssuerConfig())
)
mockIssuerConfigFetcher(mockIssuerConfig()),
),
).resolves.toEqual({

@@ -475,6 +475,6 @@ issuerConfig: mockIssuerConfig(),

mockedStorage,
mockIssuerConfigFetcher(mockIssuerConfig())
mockIssuerConfigFetcher(mockIssuerConfig()),
);
await expect(
mockedStorage.getForUser("mySession", "codeVerifier")
mockedStorage.getForUser("mySession", "codeVerifier"),
).resolves.toBeUndefined();

@@ -493,7 +493,9 @@ });

"a refresh token",
true
true,
);
await expect(
mockedStorage.getForUser("some session", "refreshToken", { secure: true })
mockedStorage.getForUser("some session", "refreshToken", {
secure: true,
}),
).resolves.toBe("a refresh token");

@@ -510,7 +512,7 @@ });

undefined,
true
true,
);
await expect(
mockedStorage.getForUser("some session", "webId", { secure: true })
mockedStorage.getForUser("some session", "webId", { secure: true }),
).resolves.toBe("https://my.webid");

@@ -527,7 +529,7 @@ });

undefined,
true
true,
);
await expect(
mockedStorage.getForUser("some session", "isLoggedIn", { secure: true })
mockedStorage.getForUser("some session", "isLoggedIn", { secure: true }),
).resolves.toBe("true");

@@ -575,3 +577,3 @@ });

true,
dpopKey
dpopKey,
);

@@ -584,4 +586,4 @@

secure: true,
}))!
)
}))!,
),
).toEqual(dpopKey.publicKey);

@@ -591,9 +593,9 @@ const privateJwk = await mockedStorage.getForUser(

"privateKey",
{ secure: true }
{ secure: true },
);
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
expect(JSON.parse(privateJwk!)).toEqual(
await exportJWK(dpopKey.privateKey)
await exportJWK(dpopKey.privateKey),
);
});
});

@@ -46,3 +46,3 @@ //

storageUtility: IStorageUtility,
oauthState: string
oauthState: string,
): Promise<string | undefined> {

@@ -63,3 +63,3 @@ return storageUtility.getForUser(oauthState, "sessionId");

storageUtility: IStorageUtility,
configFetcher: IIssuerConfigFetcher
configFetcher: IIssuerConfigFetcher,
): Promise<OidcContext> {

@@ -89,3 +89,3 @@ try {

throw new Error(
`Failed to retrieve OIDC context from storage associated with session [${sessionId}]: ${e}`
`Failed to retrieve OIDC context from storage associated with session [${sessionId}]: ${e}`,
);

@@ -115,3 +115,3 @@ }

secure?: boolean,
dpopKey?: KeyPair
dpopKey?: KeyPair,
): Promise<void> {

@@ -135,3 +135,3 @@ // TODO: Investigate why this does not work with a Promise.all

},
{ secure }
{ secure },
);

@@ -148,4 +148,7 @@ }

private secureStorage: IStorage,
private insecureStorage: IStorage
) {}
private insecureStorage: IStorage,
) {
this.secureStorage = secureStorage;
this.insecureStorage = insecureStorage;
}

@@ -158,3 +161,3 @@ private getKey(userId: string): string {

userId: string,
secure?: boolean
secure?: boolean,
): Promise<Record<string, string>> {

@@ -176,3 +179,3 @@ const stored = await (secure

secure ? "secure" : "unsecure"
}] storage is corrupted - expected valid JSON, but got: ${stored}`
}] storage is corrupted - expected valid JSON, but got: ${stored}`,
);
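Review bot: The corruption error interpolates the raw `stored` value into its message, and the same path serves the secure store (`secure ? "secure" : "unsecure"`), which the tests on this page show holding `refreshToken` and `privateKey` entries. A value that fails JSON parsing can still contain most of that material, so it would travel with the exception to wherever the caller logs or displays it. Consider ending the message at `expected valid JSON.` or reporting only `stored.length`. The tests that expect `"cannot be parsed as JSON!"` in the thrown message would then need adjusting. The enclosing method starts and ends outside this hunk.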

@@ -185,7 +188,7 @@ }

data: Record<string, string>,
secure?: boolean
secure?: boolean,
): Promise<void> {
await (secure ? this.secureStorage : this.insecureStorage).set(
this.getKey(userId),
JSON.stringify(data)
JSON.stringify(data),
);

@@ -196,3 +199,3 @@ }

key: string,
options?: { errorIfNull?: boolean; secure?: boolean }
options?: { errorIfNull?: boolean; secure?: boolean },
): Promise<string | undefined> {

@@ -212,7 +215,7 @@ const value = await (options?.secure

value: string,
options?: { secure?: boolean }
options?: { secure?: boolean },
): Promise<void> {
return (options?.secure ? this.secureStorage : this.insecureStorage).set(
key,
value
value,
);

@@ -223,3 +226,3 @@ }

return (options?.secure ? this.secureStorage : this.insecureStorage).delete(
key
key,
);

@@ -231,3 +234,3 @@ }

key: string,
options?: { errorIfNull?: boolean; secure?: boolean }
options?: { errorIfNull?: boolean; secure?: boolean },
): Promise<string | undefined> {

@@ -249,3 +252,3 @@ const userData = await this.getUserData(userId, options?.secure);

values: Record<string, string>,
options?: { secure?: boolean }
options?: { secure?: boolean },
): Promise<void> {

@@ -266,3 +269,3 @@ let userData: Record<string, string>;

key: string,
options?: { secure?: boolean }
options?: { secure?: boolean },
): Promise<void> {

@@ -276,8 +279,8 @@ const userData = await this.getUserData(userId, options?.secure);

userId: string,
options?: { secure?: boolean }
options?: { secure?: boolean },
): Promise<void> {
await (options?.secure ? this.secureStorage : this.insecureStorage).delete(
this.getKey(userId)
this.getKey(userId),
);
}
}

@@ -40,3 +40,3 @@ //

function initMocks(
configs: { canHandle: boolean; executeTime: number; toReturn: string }[]
configs: { canHandle: boolean; executeTime: number; toReturn: string }[],
) {

@@ -49,3 +49,3 @@ const mockHandlerInfo = configs.map((config) => {

});
}
},
);

@@ -57,3 +57,3 @@ const handleFunction = jest.fn(

});
}
},
);

@@ -71,3 +71,3 @@ const mock: () => MockHandler = jest.fn(() => ({

const aggregateMockHandler = new AggregateMockHandler(
mockHandlerInfo.map((info) => info.mock())
mockHandlerInfo.map((info) => info.mock()),
);

@@ -96,3 +96,3 @@ return {

expect(await mocks.aggregateMockHandler.canHandle("something")).toBe(
false
false,
);

@@ -112,7 +112,7 @@ });

it.todo(
"should run the correct handler even when it is preceded by the incorrect handler"
"should run the correct handler even when it is preceded by the incorrect handler",
);
it.todo(
"should run the first correct handler even when succeeded by a handler that takes a shorter time to execute"
"should run the first correct handler even when succeeded by a handler that takes a shorter time to execute",
);

@@ -126,3 +126,3 @@

await expect(() =>
mocks.aggregateMockHandler.handle("something")
mocks.aggregateMockHandler.handle("something"),
).rejects.toThrow();

@@ -144,3 +144,3 @@ });

await expect(() =>
mocks.aggregateMockHandler.handle(obj)
mocks.aggregateMockHandler.handle(obj),
).rejects.toThrow();

@@ -147,0 +147,0 @@ });

@@ -38,3 +38,5 @@ //

{
constructor(private handleables: IHandleable<P, R>[]) {}
constructor(private handleables: IHandleable<P, R>[]) {
this.handleables = handleables;
}

@@ -69,3 +71,3 @@ /**

const canHandleList = await Promise.all(
this.handleables.map((handleable) => handleable.canHandle(...params))
this.handleables.map((handleable) => handleable.canHandle(...params)),
);

@@ -101,5 +103,5 @@

})
.join(", ")}`
.join(", ")}`,
);
}
}

@@ -69,3 +69,3 @@ //

audience: string,
signingKey?: KeyLike
signingKey?: KeyLike,
): Promise<string> => {

@@ -84,9 +84,9 @@ return new SignJWT(claims)

statusCode: number,
statusText?: string
statusText?: string,
): void => {
const { fetch: mockedFetch } = jest.requireMock(
"@inrupt/universal-fetch"
"@inrupt/universal-fetch",
) as jest.Mocked<typeof UniversalFetch>;
mockedFetch.mockResolvedValueOnce(
new NodeResponse(payload, { status: statusCode, statusText })
new NodeResponse(payload, { status: statusCode, statusText }),
);

@@ -100,3 +100,3 @@ };

"https://some.issuer",
"https://some.clientId"
"https://some.clientId",
);

@@ -108,6 +108,6 @@ await expect(

"https://some.issuer",
"https://some.clientId"
)
"https://some.clientId",
),
).rejects.toThrow(
"Could not fetch JWKS for [https://some.issuer] at [https://some.jwks]: 404 Not Found"
"Could not fetch JWKS for [https://some.issuer] at [https://some.jwks]: 404 Not Found",
);

@@ -122,3 +122,3 @@ });

"https://some.issuer",
"https://some.clientId"
"https://some.clientId",
);

@@ -130,6 +130,6 @@ await expect(

"https://some.issuer",
"https://some.clientId"
)
"https://some.clientId",
),
).rejects.toThrow(
"Malformed JWKS for [https://some.issuer] at [https://some.jwks]:"
"Malformed JWKS for [https://some.issuer] at [https://some.jwks]:",
);

@@ -146,3 +146,3 @@ });

"https://some.clientId",
anotherKey
anotherKey,
);

@@ -154,6 +154,6 @@ await expect(

"https://some.issuer",
"https://some.clientId"
)
"https://some.clientId",
),
).rejects.toThrow(
"Token verification failed: JWSSignatureVerificationFailed: signature verification failed"
"Token verification failed: JWSSignatureVerificationFailed: signature verification failed",
);

@@ -167,3 +167,3 @@ });

"https://some.other.issuer",
"https://some.clientId"
"https://some.clientId",
);

@@ -175,6 +175,6 @@ await expect(

"https://some.issuer",
"https://some.clientId"
)
"https://some.clientId",
),
).rejects.toThrow(
'Token verification failed: JWTClaimValidationFailed: unexpected "iss" claim value'
'Token verification failed: JWTClaimValidationFailed: unexpected "iss" claim value',
);

@@ -188,3 +188,3 @@ });

"https://some.issuer",
"https://some.other.clientId"
"https://some.other.clientId",
);

@@ -196,6 +196,6 @@ await expect(

"https://some.issuer",
"https://some.clientId"
)
"https://some.clientId",
),
).rejects.toThrow(
'Token verification failed: JWTClaimValidationFailed: unexpected "aud" claim value'
'Token verification failed: JWTClaimValidationFailed: unexpected "aud" claim value',
);

@@ -209,3 +209,3 @@ });

"https://some.issuer",
"https://some.clientId"
"https://some.clientId",
);

@@ -217,4 +217,4 @@ await expect(

"https://some.issuer",
"https://some.clientId"
)
"https://some.clientId",
),
).rejects.toThrow("it has no 'webid' claim and no 'sub' claim.");

@@ -228,3 +228,3 @@ });

"https://some.issuer",
"https://some.clientId"
"https://some.clientId",
);

@@ -236,6 +236,6 @@ await expect(

"https://some.issuer",
"https://some.clientId"
)
"https://some.clientId",
),
).rejects.toThrow(
"The token has no 'webid' claim, and its 'sub' claim of [some user ID] is invalid as a URL - error"
"The token has no 'webid' claim, and its 'sub' claim of [some user ID] is invalid as a URL - error",
);

@@ -249,3 +249,3 @@ });

"https://some.issuer",
"https://some.clientId"
"https://some.clientId",
);

@@ -257,4 +257,4 @@ await expect(

"https://some.issuer",
"https://some.clientId"
)
"https://some.clientId",
),
).resolves.toBe("https://some.webid#me");

@@ -268,3 +268,3 @@ });

"https://some.issuer",
"https://some.clientId"
"https://some.clientId",
);

@@ -276,6 +276,6 @@ await expect(

"https://some.issuer",
"https://some.clientId"
)
"https://some.clientId",
),
).resolves.toBe("https://some.webid#me");
});
});

@@ -32,3 +32,3 @@ //

jwksIri: string,
issuerIri: string
issuerIri: string,
): Promise<JWK> {

@@ -42,3 +42,3 @@ // FIXME: the following line works, but the underlying network calls don't seem

throw new Error(
`Could not fetch JWKS for [${issuerIri}] at [${jwksIri}]: ${jwksResponse.status} ${jwksResponse.statusText}`
`Could not fetch JWKS for [${issuerIri}] at [${jwksIri}]: ${jwksResponse.status} ${jwksResponse.statusText}`,
);

@@ -54,3 +54,3 @@ }

(e as WithMessage).message
}`
}`,
);

@@ -74,3 +74,3 @@ }

issuerIri: string,
clientId: string
clientId: string,
): Promise<string> {

@@ -86,3 +86,3 @@ const jwk = await fetchJwks(jwksIri, issuerIri);

audience: clientId,
}
},
);

@@ -100,4 +100,4 @@ payload = verifiedPayload;

`The token ${JSON.stringify(
payload
)} is invalid: it has no 'webid' claim and no 'sub' claim.`
payload,
)} is invalid: it has no 'webid' claim and no 'sub' claim.`,
);
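Review bot: The missing-claim error embeds `JSON.stringify(payload)`, that is every claim of the verified token, in the exception text. Whether callers log or display that message is not visible here, but such claims commonly include user identifiers. Listing only the claim names keeps the diagnostic value, for example the message text `The token is invalid: it has no 'webid' claim and no 'sub' claim. Claims present: ${Object.keys(payload).join(", ")}`. That wording still contains the substring the existing test matches on. The enclosing function begins and ends outside this hunk.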

@@ -114,5 +114,5 @@ }

throw new Error(
`The token has no 'webid' claim, and its 'sub' claim of [${payload.sub}] is invalid as a URL - error [${e}].`
`The token has no 'webid' claim, and its 'sub' claim of [${payload.sub}] is invalid as a URL - error [${e}].`,
);
}
}
