use more future proof config for static clients (#11175)

Kerry 2023-07-05 11:10:03 +12:00 committed by GitHub
parent ce332d0f8b
commit 90e65e8490
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 13 deletions


@ -201,7 +201,12 @@ export interface IConfigOptions {
* The issuer URL must have a trailing `/`. * The issuer URL must have a trailing `/`.
* OPTIONAL * OPTIONAL
*/ */
oidc_static_client_ids?: Record<string, string>; oidc_static_clients?: Record<
string,
{
client_id: string;
}
>;
} }
export interface ISsoRedirectOptions { export interface ISsoRedirectOptions {
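Review bot: The rename from `oidc_static_client_ids` to `oidc_static_clients` is a hard break for existing deployments: a config.json that still carries the old key is silently ignored and the client falls back to dynamic registration, with no deprecation read-through or log. If that is intended, the TSDoc above this field (which starts outside the hunk) should say so, e.g. `* Replaces the former \`oidc_static_client_ids\` setting, which is no longer read.`, and the doc should also describe the new value shape, e.g. `* Map of issuer URL to a static client config object; currently only \`client_id\` is read.`. The "more future proof" intent in the commit title is presumably that further per-client fields will be added to this object, which that doc line would make explicit.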


@ -102,7 +102,7 @@ export default class Login {
const oidcFlow = await tryInitOidcNativeFlow( const oidcFlow = await tryInitOidcNativeFlow(
this.delegatedAuthentication, this.delegatedAuthentication,
SdkConfig.get().brand, SdkConfig.get().brand,
SdkConfig.get().oidc_static_client_ids, SdkConfig.get().oidc_static_clients,
); );
return [oidcFlow]; return [oidcFlow];
} catch (error) { } catch (error) {
@ -211,9 +211,9 @@ export interface OidcNativeFlow extends ILoginFlow {
const tryInitOidcNativeFlow = async ( const tryInitOidcNativeFlow = async (
delegatedAuthConfig: ValidatedDelegatedAuthConfig, delegatedAuthConfig: ValidatedDelegatedAuthConfig,
brand: string, brand: string,
oidcStaticClientIds?: IConfigOptions["oidc_static_client_ids"], oidcStaticClients?: IConfigOptions["oidc_static_clients"],
): Promise<OidcNativeFlow> => { ): Promise<OidcNativeFlow> => {
const clientId = await getOidcClientId(delegatedAuthConfig, brand, window.location.origin, oidcStaticClientIds); const clientId = await getOidcClientId(delegatedAuthConfig, brand, window.location.origin, oidcStaticClients);
const flow = { const flow = {
type: "oidcNativeFlow", type: "oidcNativeFlow",


@ -17,6 +17,7 @@ limitations under the License.
import { logger } from "matrix-js-sdk/src/logger"; import { logger } from "matrix-js-sdk/src/logger";
import { registerOidcClient } from "matrix-js-sdk/src/oidc/register"; import { registerOidcClient } from "matrix-js-sdk/src/oidc/register";
import { IConfigOptions } from "../../IConfigOptions";
import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig"; import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig";
/** /**
@ -25,10 +26,13 @@ import { ValidatedDelegatedAuthConfig } from "../ValidatedServerConfig";
* @param staticOidcClients static client config from config.json * @param staticOidcClients static client config from config.json
* @returns clientId if found, otherwise undefined * @returns clientId if found, otherwise undefined
*/ */
const getStaticOidcClientId = (issuer: string, staticOidcClients?: Record<string, string>): string | undefined => { const getStaticOidcClientId = (
issuer: string,
staticOidcClients?: IConfigOptions["oidc_static_clients"],
): string | undefined => {
// static_oidc_clients are configured with a trailing slash // static_oidc_clients are configured with a trailing slash
const issuerWithTrailingSlash = issuer.endsWith("/") ? issuer : issuer + "/"; const issuerWithTrailingSlash = issuer.endsWith("/") ? issuer : issuer + "/";
return staticOidcClients?.[issuerWithTrailingSlash]; return staticOidcClients?.[issuerWithTrailingSlash]?.client_id;
}; };
/** /**
@ -46,7 +50,7 @@ export const getOidcClientId = async (
delegatedAuthConfig: ValidatedDelegatedAuthConfig, delegatedAuthConfig: ValidatedDelegatedAuthConfig,
clientName: string, clientName: string,
baseUrl: string, baseUrl: string,
staticOidcClients?: Record<string, string>, staticOidcClients?: IConfigOptions["oidc_static_clients"],
): Promise<string> => { ): Promise<string> => {
const staticClientId = getStaticOidcClientId(delegatedAuthConfig.issuer, staticOidcClients); const staticClientId = getStaticOidcClientId(delegatedAuthConfig.issuer, staticOidcClients);
if (staticClientId) { if (staticClientId) {
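Review bot: The new `?.client_id` read in `getStaticOidcClientId` trusts the runtime shape of config.json, which the `IConfigOptions` type cannot enforce; an entry that is still a plain string (the old shape) or an object without a string `client_id` now yields `undefined` and the caller silently proceeds to dynamic registration against the issuer, which is exactly the case a static registration was meant to avoid. Since `logger` is already imported in this file, the lookup could be made explicit: `const entry = staticOidcClients?.[issuerWithTrailingSlash];` / `if (entry !== undefined && typeof entry?.client_id !== "string") logger.warn(\`Ignoring oidc_static_clients entry for ${issuerWithTrailingSlash}: client_id is not a string\`);` / `return typeof entry?.client_id === "string" ? entry.client_id : undefined;`. Two smaller points in the same section: the added `import { IConfigOptions }` brings in a type-only symbol and should be `import type { IConfigOptions }`, and the retained comment `// static_oidc_clients are configured with a trailing slash` now names neither the old nor the new config key. `getOidcClientId`'s body continues outside the hunk.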


@ -37,7 +37,9 @@ jest.mock("matrix-js-sdk/src/matrix");
jest.useRealTimers(); jest.useRealTimers();
const oidcStaticClientsConfig = { const oidcStaticClientsConfig = {
"https://staticallyregisteredissuer.org/": "static-clientId-123", "https://staticallyregisteredissuer.org/": {
client_id: "static-clientId-123",
},
}; };
describe("Login", function () { describe("Login", function () {
@ -52,7 +54,7 @@ describe("Login", function () {
SdkConfig.put({ SdkConfig.put({
brand: "test-brand", brand: "test-brand",
disable_custom_urls: true, disable_custom_urls: true,
oidc_static_client_ids: oidcStaticClientsConfig, oidc_static_clients: oidcStaticClientsConfig,
}); });
mockClient.login.mockClear().mockResolvedValue({ mockClient.login.mockClear().mockResolvedValue({
access_token: "TOKEN", access_token: "TOKEN",


@ -27,7 +27,9 @@ describe("getOidcClientId()", () => {
const baseUrl = "https://just.testing"; const baseUrl = "https://just.testing";
const dynamicClientId = "xyz789"; const dynamicClientId = "xyz789";
const staticOidcClients = { const staticOidcClients = {
[issuer]: "abc123", [issuer]: {
client_id: "abc123",
},
}; };
const delegatedAuthConfig = { const delegatedAuthConfig = {
issuer, issuer,
@ -42,9 +44,7 @@ describe("getOidcClientId()", () => {
}); });
it("should return static clientId when configured", async () => { it("should return static clientId when configured", async () => {
expect(await getOidcClientId(delegatedAuthConfig, clientName, baseUrl, staticOidcClients)).toEqual( expect(await getOidcClientId(delegatedAuthConfig, clientName, baseUrl, staticOidcClients)).toEqual("abc123");
staticOidcClients[issuer],
);
// didn't try to register // didn't try to register
expect(fetchMockJest).toHaveFetchedTimes(0); expect(fetchMockJest).toHaveFetchedTimes(0);
}); });