Fix account management link for delegated auth OIDC setups (#12144)

* Fix account management link for delegated auth OIDC setups Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix comment Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-01-16 09:51:03 +00:00 · 2024-01-16 09:51:03 +00:00 · a465b1659f
parent 5983528a8d
commit a465b1659f
3 changed files with 91 additions and 1 deletions
--- a/src/stores/oidc/OidcClientStore.ts
+++ b/src/stores/oidc/OidcClientStore.ts
@ -20,6 +20,7 @@ import { logger } from "matrix-js-sdk/src/logger";
 import { OidcClient } from "oidc-client-ts";

 import { getStoredOidcTokenIssuer, getStoredOidcClientId } from "../../utils/oidc/persistOidcSettings";
+import { getDelegatedAuthAccountUrl } from "../../utils/oidc/getDelegatedAuthAccountUrl";

 /**
 * @experimental
@ -33,9 +34,10 @@ export class OidcClientStore {

    public constructor(private readonly matrixClient: MatrixClient) {
        this.authenticatedIssuer = getStoredOidcTokenIssuer();
-        // don't bother initialising store when we didnt authenticate via oidc
        if (this.authenticatedIssuer) {
            this.getOidcClient();
+        } else {
+            this._accountManagementEndpoint = getDelegatedAuthAccountUrl(matrixClient);
        }
    }

--- a/src/utils/oidc/getDelegatedAuthAccountUrl.ts
+++ b/src/utils/oidc/getDelegatedAuthAccountUrl.ts
@ -0,0 +1,27 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { IClientWellKnown, IDelegatedAuthConfig, M_AUTHENTICATION } from "matrix-js-sdk/src/matrix";
+
+/**
+ * Get the delegated auth account management url if configured
+ * @param clientWellKnown from MatrixClient.getClientWellKnown
+ * @returns the account management url, or undefined
+ */
+export const getDelegatedAuthAccountUrl = (clientWellKnown: IClientWellKnown | undefined): string | undefined => {
+    const delegatedAuthConfig = M_AUTHENTICATION.findIn<IDelegatedAuthConfig | undefined>(clientWellKnown);
+    return delegatedAuthConfig?.account;
+};
--- a/test/utils/oidc/getDelegatedAuthAccountUrl-test.ts
+++ b/test/utils/oidc/getDelegatedAuthAccountUrl-test.ts
@ -0,0 +1,61 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { M_AUTHENTICATION } from "matrix-js-sdk/src/matrix";
+
+import { getDelegatedAuthAccountUrl } from "../../../src/utils/oidc/getDelegatedAuthAccountUrl";
+
+describe("getDelegatedAuthAccountUrl()", () => {
+    it("should return undefined when wk is undefined", () => {
+        expect(getDelegatedAuthAccountUrl(undefined)).toBeUndefined();
+    });
+
+    it("should return undefined when wk has no authentication config", () => {
+        expect(getDelegatedAuthAccountUrl({})).toBeUndefined();
+    });
+
+    it("should return undefined when wk authentication config has no configured account url", () => {
+        expect(
+            getDelegatedAuthAccountUrl({
+                [M_AUTHENTICATION.stable!]: {
+                    issuer: "issuer.org",
+                },
+            }),
+        ).toBeUndefined();
+    });
+
+    it("should return the account url for authentication config using the unstable prefix", () => {
+        expect(
+            getDelegatedAuthAccountUrl({
+                [M_AUTHENTICATION.unstable!]: {
+                    issuer: "issuer.org",
+                    account: "issuer.org/account",
+                },
+            }),
+        ).toEqual("issuer.org/account");
+    });
+
+    it("should return the account url for authentication config using the stable prefix", () => {
+        expect(
+            getDelegatedAuthAccountUrl({
+                [M_AUTHENTICATION.stable!]: {
+                    issuer: "issuer.org",
+                    account: "issuer.org/account",
+                },
+            }),
+        ).toEqual("issuer.org/account");
+    });
+});