Matrix/element-web-Github
1
0
Fork 0
mirror of https://github.com/vector-im/element-web.git synced 2024-11-25 09:58:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
b084ff2313
element-web-Github/test/unit-tests/stores/oidc/OidcClientStore-test.ts

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

247 lines
9.0 KiB
TypeScript
Raw Normal View History

OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
/*
Change license (#13) * Copyright headers 1 * Licence headers 2 * Copyright Headers 3 * Copyright Headers 4 * Copyright Headers 5 * Copyright Headers 6 * Copyright headers 7 * Add copyright headers for html and config file * Replace license files and update package.json * Update with CLA * lint
2024-09-09 21:57:16 +08:00
Copyright 2024 New Vector Ltd.
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
Copyright 2023 The Matrix.org Foundation C.I.C.
Change license (#13) * Copyright headers 1 * Licence headers 2 * Copyright Headers 3 * Copyright Headers 4 * Copyright Headers 5 * Copyright Headers 6 * Copyright headers 7 * Add copyright headers for html and config file * Replace license files and update package.json * Update with CLA * lint
2024-09-09 21:57:16 +08:00
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
Please see LICENSE files in the repository root for full details.
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
*/
OIDC: revoke tokens on logout (#11718) * test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 05:35:25 +08:00
import fetchMock from "fetch-mock-jest";
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
import { mocked } from "jest-mock";
OIDC: revoke tokens on logout (#11718) * test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 05:35:25 +08:00
import { OidcClient } from "oidc-client-ts";
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
import { logger } from "matrix-js-sdk/src/logger";
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
import { discoverAndValidateOIDCIssuerWellKnown } from "matrix-js-sdk/src/matrix";
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
import { OidcError } from "matrix-js-sdk/src/oidc/error";
import { OidcClientStore } from "../../../src/stores/oidc/OidcClientStore";
Fix Native OIDC for Element Desktop (#12253) * Reuse exported common type Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Improve client metadata used for OIDC dynamic registration Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix Native OIDC for Element Desktop by including ssoid in the url_state of the /auth call Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Reuse exported common type Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Improve client metadata used for OIDC dynamic registration Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix typo Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix test Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Mock PlatformPeg Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Mock platform Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Add comment Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Improve comment Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Update src/BasePlatform.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-19 23:10:11 +08:00
import { flushPromises, getMockClientWithEventEmitter, mockPlatformPeg } from "../../test-utils";
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
import { mockOpenIdConfiguration } from "../../test-utils/oidc";
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
jest.mock("matrix-js-sdk/src/matrix", () => ({
...jest.requireActual("matrix-js-sdk/src/matrix"),
discoverAndValidateOIDCIssuerWellKnown: jest.fn(),
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
}));
describe("OidcClientStore", () => {
const clientId = "test-client-id";
const metadata = mockOpenIdConfiguration();
const account = metadata.issuer + "account";
const mockClient = getMockClientWithEventEmitter({
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
getAuthIssuer: jest.fn(),
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
});
beforeEach(() => {
Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data (#12166) * Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix tests Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-01-23 21:34:10 +08:00
localStorage.clear();
localStorage.setItem("mx_oidc_client_id", clientId);
localStorage.setItem("mx_oidc_token_issuer", metadata.issuer);
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
mocked(discoverAndValidateOIDCIssuerWellKnown).mockClear().mockResolvedValue({
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
metadata,
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
accountManagementEndpoint: account,
authorizationEndpoint: "authorization-endpoint",
tokenEndpoint: "token-endpoint",
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
});
jest.spyOn(logger, "error").mockClear();
OIDC: revoke tokens on logout (#11718) * test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 05:35:25 +08:00
fetchMock.get(`${metadata.issuer}.well-known/openid-configuration`, metadata);
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
fetchMock.get(`${metadata.issuer}jwks`, { keys: [] });
Fix Native OIDC for Element Desktop (#12253) * Reuse exported common type Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Improve client metadata used for OIDC dynamic registration Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix Native OIDC for Element Desktop by including ssoid in the url_state of the /auth call Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Reuse exported common type Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Improve client metadata used for OIDC dynamic registration Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix typo Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix test Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Mock PlatformPeg Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Mock platform Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Add comment Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Improve comment Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Update src/BasePlatform.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-19 23:10:11 +08:00
mockPlatformPeg();
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
});
describe("isUserAuthenticatedWithOidc()", () => {
it("should return true when an issuer is in session storage", () => {
const store = new OidcClientStore(mockClient);
expect(store.isUserAuthenticatedWithOidc).toEqual(true);
});
it("should return false when no issuer is in session storage", () => {
Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data (#12166) * Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix tests Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-01-23 21:34:10 +08:00
localStorage.clear();
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
const store = new OidcClientStore(mockClient);
expect(store.isUserAuthenticatedWithOidc).toEqual(false);
});
});
describe("initialising oidcClient", () => {
it("should initialise oidc client from constructor", () => {
const store = new OidcClientStore(mockClient);
// started initialising
// @ts-ignore private property
expect(store.initialisingOidcClientPromise).toBeTruthy();
});
OIDC: revoke tokens on logout (#11718) * test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 05:35:25 +08:00
it("should fallback to stored issuer when no client well known is available", async () => {
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
const store = new OidcClientStore(mockClient);
OIDC: revoke tokens on logout (#11718) * test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 05:35:25 +08:00
// successfully created oidc client
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
// @ts-ignore private property
OIDC: revoke tokens on logout (#11718) * test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 05:35:25 +08:00
expect(await store.getOidcClient()).toBeTruthy();
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
});
it("should log and return when no clientId is found in storage", async () => {
Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data (#12166) * Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix tests Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-01-23 21:34:10 +08:00
localStorage.removeItem("mx_oidc_client_id");
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
const store = new OidcClientStore(mockClient);
OIDC: revoke tokens on logout (#11718) * test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 05:35:25 +08:00
// no oidc client
// @ts-ignore private property
expect(await store.getOidcClient()).toEqual(undefined);
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
expect(logger.error).toHaveBeenCalledWith(
"Failed to initialise OidcClientStore",
new Error("Oidc client id not found in storage"),
);
});
it("should log and return when discovery and validation fails", async () => {
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
mocked(discoverAndValidateOIDCIssuerWellKnown).mockRejectedValue(new Error(OidcError.OpSupport));
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
const store = new OidcClientStore(mockClient);
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
await store.readyPromise;
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
expect(logger.error).toHaveBeenCalledWith(
"Failed to initialise OidcClientStore",
new Error(OidcError.OpSupport),
);
// no oidc client
// @ts-ignore private property
expect(await store.getOidcClient()).toEqual(undefined);
});
it("should create oidc client correctly", async () => {
const store = new OidcClientStore(mockClient);
// @ts-ignore private property
const client = await store.getOidcClient();
expect(client?.settings.client_id).toEqual(clientId);
expect(client?.settings.authority).toEqual(metadata.issuer);
});
it("should set account management endpoint when configured", async () => {
const store = new OidcClientStore(mockClient);
// @ts-ignore private property
await store.getOidcClient();
expect(store.accountManagementEndpoint).toEqual(account);
});
it("should set account management endpoint to issuer when not configured", async () => {
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
mocked(discoverAndValidateOIDCIssuerWellKnown).mockClear().mockResolvedValue({
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
metadata,
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
accountManagementEndpoint: undefined,
authorizationEndpoint: "authorization-endpoint",
tokenEndpoint: "token-endpoint",
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
});
const store = new OidcClientStore(mockClient);
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
await store.readyPromise;
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
expect(store.accountManagementEndpoint).toEqual(metadata.issuer);
});
it("should reuse initialised oidc client", async () => {
const store = new OidcClientStore(mockClient);
// @ts-ignore private property
store.getOidcClient();
// @ts-ignore private property
store.getOidcClient();
await flushPromises();
// finished initialising
// @ts-ignore private property
expect(await store.getOidcClient()).toBeTruthy();
// @ts-ignore private property
store.getOidcClient();
// only called once for multiple calls to getOidcClient
// before and after initialisation is complete
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
expect(discoverAndValidateOIDCIssuerWellKnown).toHaveBeenCalledTimes(1);
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
});
});
OIDC: revoke tokens on logout (#11718) * test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 05:35:25 +08:00
describe("revokeTokens()", () => {
const accessToken = "test-access-token";
const refreshToken = "test-refresh-token";
beforeEach(() => {
// spy and call through
jest.spyOn(OidcClient.prototype, "revokeToken").mockClear();
fetchMock.resetHistory();
fetchMock.post(
metadata.revocation_endpoint,
{
status: 200,
},
{ sendAsJson: true },
);
});
it("should throw when oidcClient could not be initialised", async () => {
// make oidcClient initialisation fail
Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data (#12166) * Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix tests Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-01-23 21:34:10 +08:00
localStorage.removeItem("mx_oidc_token_issuer");
OIDC: revoke tokens on logout (#11718) * test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 05:35:25 +08:00
const store = new OidcClientStore(mockClient);
await expect(() => store.revokeTokens(accessToken, refreshToken)).rejects.toThrow("No OIDC client");
});
it("should revoke access and refresh tokens", async () => {
const store = new OidcClientStore(mockClient);
await store.revokeTokens(accessToken, refreshToken);
expect(fetchMock).toHaveFetchedTimes(2, metadata.revocation_endpoint);
expect(OidcClient.prototype.revokeToken).toHaveBeenCalledWith(accessToken, "access_token");
expect(OidcClient.prototype.revokeToken).toHaveBeenCalledWith(refreshToken, "refresh_token");
});
it("should still attempt to revoke refresh token when access token revocation fails", async () => {
// fail once, then succeed
fetchMock
.postOnce(
metadata.revocation_endpoint,
{
status: 404,
},
{ overwriteRoutes: true, sendAsJson: true },
)
.post(
metadata.revocation_endpoint,
{
status: 200,
},
{ sendAsJson: true },
);
const store = new OidcClientStore(mockClient);
await expect(() => store.revokeTokens(accessToken, refreshToken)).rejects.toThrow(
"Failed to revoke tokens",
);
expect(fetchMock).toHaveFetchedTimes(2, metadata.revocation_endpoint);
expect(OidcClient.prototype.revokeToken).toHaveBeenCalledWith(accessToken, "access_token");
});
});
Update MSC2965 OIDC Discovery implementation (#12245) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-24 00:43:14 +08:00
describe("OIDC Aware", () => {
beforeEach(() => {
localStorage.clear();
});
it("should resolve account management endpoint", async () => {
mockClient.getAuthIssuer.mockResolvedValue({ issuer: metadata.issuer });
const store = new OidcClientStore(mockClient);
await store.readyPromise;
expect(store.accountManagementEndpoint).toBe(account);
});
});
OIDC: Persist details in session storage, create store (#11302) * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * format
2023-07-21 05:30:19 +08:00
});
Reference in New Issue Copy Permalink