From 3a44388ed8b4a19d28194755b4eec29ae9eda5eb Mon Sep 17 00:00:00 2001 From: Norris Ng <103449568+norrisng-bc@users.noreply.github.com> Date: Mon, 15 Apr 2024 17:41:29 -0700 Subject: [PATCH] Swap out keycloak-connect for jsonwebtoken Implementation taken from COMS --- app/app.js | 6 +- app/package-lock.json | 676 +----------------- app/package.json | 1 - app/src/components/keycloak.js | 16 - app/src/components/utils.js | 40 ++ app/src/docs/index.js | 3 +- app/src/docs/v2.api-spec.yaml | 27 + app/src/middleware/authorization.js | 58 +- app/src/routes/v2/index.js | 8 +- .../unit/components/authorization.spec.js | 188 +++++ 10 files changed, 336 insertions(+), 687 deletions(-) delete mode 100644 app/src/components/keycloak.js create mode 100644 app/tests/unit/components/authorization.spec.js diff --git a/app/app.js b/app/app.js index a10cca6..0742a41 100644 --- a/app/app.js +++ b/app/app.js @@ -7,10 +7,9 @@ const helmet = require('helmet'); const { name: appName, version: appVersion } = require('./package.json'); const carboneCopyApi = require('./src/components/carboneCopyApi'); -const keycloak = require('./src/components/keycloak'); const log = require('./src/components/log')(module.filename); const httpLogger = require('./src/components/log').httpLogger; -const { getGitRevision, prettyStringify } = require('./src/components/utils'); +const { getConfigBoolean, getGitRevision, prettyStringify } = require('./src/components/utils'); const v2Router = require('./src/routes/v2'); const { authorizedParty } = require('./src/middleware/authorizedParty'); @@ -52,9 +51,8 @@ if (process.env.NODE_ENV !== 'test') { } // Use Keycloak OIDC Middleware -if (config.has('keycloak.enabled')) { +if (getConfigBoolean('keycloak.enabled')) { log.info('Running in authenticated mode'); - app.use(keycloak.middleware()); } else { log.info('Running in public mode'); } diff --git a/app/package-lock.json b/app/package-lock.json index 4253e92..ed9f77b 100644 --- a/app/package-lock.json +++ b/app/package-lock.json @@ -22,7 +22,6 @@ "helmet": "^7.1.0", "js-yaml": "^4.1.0", "jsonwebtoken": "^9.0.2", - "keycloak-connect": "^24.0.1", "lockfile": "^1.0.4", "mime-types": "^2.1.35", "multer": "^1.4.4-lts.1", @@ -1211,12 +1210,6 @@ "@sinonjs/commons": "^3.0.0" } }, - "node_modules/@testim/chrome-version": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.4.tgz", - "integrity": "sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g==", - "optional": true - }, "node_modules/@types/babel__core": { "version": "7.20.3", "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.3.tgz", @@ -1295,7 +1288,7 @@ "version": "14.11.2", "resolved": "https://registry.npmjs.org/@types/node/-/node-14.11.2.tgz", "integrity": "sha512-jiE3QIxJ8JLNcb1Ps6rDbysDhN4xa8DJJvuC9prr6w+1tIh+QAbYyNF3tyiZNLDBIuBCf4KEcV2UvQm/V60xfA==", - "devOptional": true + "dev": true }, "node_modules/@types/stack-utils": { "version": "2.0.2", @@ -1323,15 +1316,6 @@ "integrity": "sha512-5qcvofLPbfjmBfKaLfj/+f+Sbd6pN4zl7w7VSVI5uz7m9QZTuB2aZAa2uo1wHFBNN2x6g/SoTkXmd8mQnQF2Cw==", "dev": true }, - "node_modules/@types/yauzl": { - "version": "2.9.1", - "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.9.1.tgz", - "integrity": "sha512-A1b8SU4D10uoPjwb0lnHmmu8wZhR9d+9o2PKBQT2jU5YPTKsxac6M2qGAdY7VcL+dHHhARVUDmeg0rOrcd9EjA==", - "optional": true, - "dependencies": { - "@types/node": "*" - } - }, "node_modules/@ungap/structured-clone": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", @@ -1377,18 +1361,6 @@ "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" } }, - "node_modules/agent-base": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", - "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", - "optional": true, - "dependencies": { - "debug": "4" - }, - "engines": { - "node": ">= 6.0.0" - } - }, "node_modules/ajv": { "version": "6.12.6", "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", @@ -1492,28 +1464,11 @@ "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" }, - "node_modules/asn1.js": { - "version": "5.4.1", - "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz", - "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", - "dependencies": { - "bn.js": "^4.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "safer-buffer": "^2.1.0" - } - }, "node_modules/async": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz", "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==" }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", - "optional": true - }, "node_modules/atob": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz", @@ -1525,17 +1480,6 @@ "node": ">= 4.5.0" } }, - "node_modules/axios": { - "version": "1.6.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.5.tgz", - "integrity": "sha512-Ii012v05KEVuUoFWmMW/UQv9aRIc3ZwkWDcM+h5Il8izZCtRVpDUfwpoFf7eOtajT3QiGR4yDUx7lPqHJULgbg==", - "optional": true, - "dependencies": { - "follow-redirects": "^1.15.4", - "form-data": "^4.0.0", - "proxy-from-env": "^1.1.0" - } - }, "node_modules/babel-jest": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", @@ -1667,11 +1611,6 @@ "node": ">=8" } }, - "node_modules/bn.js": { - "version": "4.12.0", - "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" - }, "node_modules/body-parser": { "version": "1.20.2", "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", @@ -1725,11 +1664,6 @@ "node": ">=8" } }, - "node_modules/brorand": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/brorand/-/brorand-1.1.0.tgz", - "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=" - }, "node_modules/browserslist": { "version": "4.22.1", "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.22.1.tgz", @@ -1782,7 +1716,7 @@ "node_modules/buffer-equal-constant-time": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", - "integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=" + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" }, "node_modules/buffer-from": { "version": "1.1.1", @@ -1977,28 +1911,6 @@ "fsevents": "~2.3.2" } }, - "node_modules/chromedriver": { - "version": "120.0.1", - "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-120.0.1.tgz", - "integrity": "sha512-ETTJlkibcAmvoKsaEoq2TFqEsJw18N0O9gOQZX6Uv/XoEiOV8p+IZdidMeIRYELWJIgCZESvlOx5d1QVnB4v0w==", - "hasInstallScript": true, - "optional": true, - "dependencies": { - "@testim/chrome-version": "^1.1.4", - "axios": "^1.6.0", - "compare-versions": "^6.1.0", - "extract-zip": "^2.0.1", - "https-proxy-agent": "^5.0.1", - "proxy-from-env": "^1.1.0", - "tcp-port-used": "^1.0.2" - }, - "bin": { - "chromedriver": "bin/chromedriver" - }, - "engines": { - "node": ">=18" - } - }, "node_modules/ci-info": { "version": "3.9.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", @@ -2090,24 +2002,6 @@ "text-hex": "1.0.x" } }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "optional": true, - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/compare-versions": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", - "integrity": "sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg==", - "optional": true - }, "node_modules/compressible": { "version": "2.0.18", "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz", @@ -2341,7 +2235,7 @@ "version": "0.1.3", "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz", "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=", - "devOptional": true + "dev": true }, "node_modules/deepmerge": { "version": "4.3.1", @@ -2368,15 +2262,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "optional": true, - "engines": { - "node": ">=0.4.0" - } - }, "node_modules/depd": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", @@ -2443,20 +2328,6 @@ "integrity": "sha512-kMGVZLP65O2/oH7zzaoIA5hcr4/xPYO6Sa83FrIpWcd7YPPtSlxqwxTd8lJIwKxaiXM6FGsYK4ukyJ40XkW7jg==", "dev": true }, - "node_modules/elliptic": { - "version": "6.5.4", - "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz", - "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==", - "dependencies": { - "bn.js": "^4.11.9", - "brorand": "^1.1.0", - "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.1", - "inherits": "^2.0.4", - "minimalistic-assert": "^1.0.1", - "minimalistic-crypto-utils": "^1.0.1" - } - }, "node_modules/emittery": { "version": "0.13.1", "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", @@ -2488,15 +2359,6 @@ "node": ">= 0.8" } }, - "node_modules/end-of-stream": { - "version": "1.4.4", - "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", - "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", - "optional": true, - "dependencies": { - "once": "^1.4.0" - } - }, "node_modules/error-ex": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", @@ -2878,36 +2740,6 @@ } ] }, - "node_modules/extract-zip": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-2.0.1.tgz", - "integrity": "sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg==", - "optional": true, - "dependencies": { - "@types/yauzl": "^2.9.1", - "debug": "^4.1.1", - "get-stream": "^5.1.0", - "yauzl": "^2.10.0" - }, - "bin": { - "extract-zip": "cli.js" - }, - "engines": { - "node": ">= 10.17.0" - } - }, - "node_modules/extract-zip/node_modules/get-stream": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", - "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", - "optional": true, - "dependencies": { - "pump": "^3.0.0" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", @@ -3046,40 +2878,6 @@ "resolved": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==" }, - "node_modules/follow-redirects": { - "version": "1.15.5", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.5.tgz", - "integrity": "sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==", - "funding": [ - { - "type": "individual", - "url": "https://github.com/sponsors/RubenVerborgh" - } - ], - "optional": true, - "engines": { - "node": ">=4.0" - }, - "peerDependenciesMeta": { - "debug": { - "optional": true - } - } - }, - "node_modules/form-data": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", - "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", - "optional": true, - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, "node_modules/forwarded": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", @@ -3312,15 +3110,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/hash.js": { - "version": "1.1.7", - "resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.7.tgz", - "integrity": "sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA==", - "dependencies": { - "inherits": "^2.0.3", - "minimalistic-assert": "^1.0.1" - } - }, "node_modules/hasown": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", @@ -3340,16 +3129,6 @@ "node": ">=16.0.0" } }, - "node_modules/hmac-drbg": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz", - "integrity": "sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=", - "dependencies": { - "hash.js": "^1.0.3", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.1" - } - }, "node_modules/html-escaper": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", @@ -3371,19 +3150,6 @@ "node": ">= 0.8" } }, - "node_modules/https-proxy-agent": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", - "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", - "optional": true, - "dependencies": { - "agent-base": "6", - "debug": "4" - }, - "engines": { - "node": ">= 6" - } - }, "node_modules/human-signals": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", @@ -3580,35 +3346,6 @@ "node": ">=8" } }, - "node_modules/is-url": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/is-url/-/is-url-1.2.4.tgz", - "integrity": "sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww==", - "optional": true - }, - "node_modules/is2": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/is2/-/is2-2.0.6.tgz", - "integrity": "sha512-+Z62OHOjA6k2sUDOKXoZI3EXv7Fb1K52jpTBLbkfx62bcUeSsrTBLhEquCRDKTx0XE5XbHcG/S2vrtE3lnEDsQ==", - "optional": true, - "dependencies": { - "deep-is": "^0.1.3", - "ip-regex": "^4.1.0", - "is-url": "^1.2.4" - }, - "engines": { - "node": ">=v0.10.0" - } - }, - "node_modules/is2/node_modules/ip-regex": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-4.3.0.tgz", - "integrity": "sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==", - "optional": true, - "engines": { - "node": ">=8" - } - }, "node_modules/isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", @@ -4373,16 +4110,6 @@ "safe-buffer": "^5.0.1" } }, - "node_modules/jwk-to-pem": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/jwk-to-pem/-/jwk-to-pem-2.0.5.tgz", - "integrity": "sha512-L90jwellhO8jRKYwbssU9ifaMVqajzj3fpRjDKcsDzrslU9syRbFqfkXtT4B89HYAap+xsxNcxgBSB09ig+a7A==", - "dependencies": { - "asn1.js": "^5.3.0", - "elliptic": "^6.5.4", - "safe-buffer": "^5.0.1" - } - }, "node_modules/jws": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", @@ -4392,20 +4119,6 @@ "safe-buffer": "^5.0.1" } }, - "node_modules/keycloak-connect": { - "version": "24.0.1", - "resolved": "https://registry.npmjs.org/keycloak-connect/-/keycloak-connect-24.0.1.tgz", - "integrity": "sha512-DlXI6fPR+t58pKVECxvOua5S/rws0CU3yz2juxKQor4b8PKoY0sN/QZ2vxBGPHmvMKtH8VodmPJA2k/VoiD5uw==", - "dependencies": { - "jwk-to-pem": "^2.0.0" - }, - "engines": { - "node": ">=14" - }, - "optionalDependencies": { - "chromedriver": "latest" - } - }, "node_modules/kleur": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", @@ -4479,32 +4192,32 @@ "node_modules/lodash.includes": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", - "integrity": "sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=" + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" }, "node_modules/lodash.isboolean": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", - "integrity": "sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=" + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" }, "node_modules/lodash.isinteger": { "version": "4.0.4", "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", - "integrity": "sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=" + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" }, "node_modules/lodash.isnumber": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", - "integrity": "sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=" + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" }, "node_modules/lodash.isplainobject": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", - "integrity": "sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=" + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" }, "node_modules/lodash.isstring": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", - "integrity": "sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=" + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" }, "node_modules/lodash.merge": { "version": "4.6.2", @@ -4515,7 +4228,7 @@ "node_modules/lodash.once": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=" + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" }, "node_modules/logform": { "version": "2.6.0", @@ -4665,16 +4378,6 @@ "node": ">=6" } }, - "node_modules/minimalistic-assert": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", - "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==" - }, - "node_modules/minimalistic-crypto-utils": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz", - "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=" - }, "node_modules/minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -4854,7 +4557,7 @@ "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", - "devOptional": true, + "dev": true, "dependencies": { "wrappy": "1" } @@ -5172,28 +4875,12 @@ "node": ">= 0.10" } }, - "node_modules/proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", - "optional": true - }, "node_modules/pstree.remy": { "version": "1.1.8", "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz", "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==", "dev": true }, - "node_modules/pump": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", - "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", - "optional": true, - "dependencies": { - "end-of-stream": "^1.1.0", - "once": "^1.3.1" - } - }, "node_modules/punycode": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", @@ -5773,34 +5460,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/tcp-port-used": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/tcp-port-used/-/tcp-port-used-1.0.2.tgz", - "integrity": "sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==", - "optional": true, - "dependencies": { - "debug": "4.3.1", - "is2": "^2.0.6" - } - }, - "node_modules/tcp-port-used/node_modules/debug": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", - "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", - "optional": true, - "dependencies": { - "ms": "2.1.2" - }, - "engines": { - "node": ">=6.0" - } - }, - "node_modules/tcp-port-used/node_modules/ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "optional": true - }, "node_modules/telejson": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/telejson/-/telejson-7.2.0.tgz", @@ -6200,7 +5859,7 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", - "devOptional": true + "dev": true }, "node_modules/write-file-atomic": { "version": "4.0.2", @@ -7197,12 +6856,6 @@ "@sinonjs/commons": "^3.0.0" } }, - "@testim/chrome-version": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.4.tgz", - "integrity": "sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g==", - "optional": true - }, "@types/babel__core": { "version": "7.20.3", "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.3.tgz", @@ -7281,7 +6934,7 @@ "version": "14.11.2", "resolved": "https://registry.npmjs.org/@types/node/-/node-14.11.2.tgz", "integrity": "sha512-jiE3QIxJ8JLNcb1Ps6rDbysDhN4xa8DJJvuC9prr6w+1tIh+QAbYyNF3tyiZNLDBIuBCf4KEcV2UvQm/V60xfA==", - "devOptional": true + "dev": true }, "@types/stack-utils": { "version": "2.0.2", @@ -7309,15 +6962,6 @@ "integrity": "sha512-5qcvofLPbfjmBfKaLfj/+f+Sbd6pN4zl7w7VSVI5uz7m9QZTuB2aZAa2uo1wHFBNN2x6g/SoTkXmd8mQnQF2Cw==", "dev": true }, - "@types/yauzl": { - "version": "2.9.1", - "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.9.1.tgz", - "integrity": "sha512-A1b8SU4D10uoPjwb0lnHmmu8wZhR9d+9o2PKBQT2jU5YPTKsxac6M2qGAdY7VcL+dHHhARVUDmeg0rOrcd9EjA==", - "optional": true, - "requires": { - "@types/node": "*" - } - }, "@ungap/structured-clone": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", @@ -7352,15 +6996,6 @@ "dev": true, "requires": {} }, - "agent-base": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", - "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", - "optional": true, - "requires": { - "debug": "4" - } - }, "ajv": { "version": "6.12.6", "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", @@ -7434,44 +7069,16 @@ "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" }, - "asn1.js": { - "version": "5.4.1", - "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz", - "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", - "requires": { - "bn.js": "^4.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "safer-buffer": "^2.1.0" - } - }, "async": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz", "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==" }, - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", - "optional": true - }, "atob": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz", "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==" }, - "axios": { - "version": "1.6.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.5.tgz", - "integrity": "sha512-Ii012v05KEVuUoFWmMW/UQv9aRIc3ZwkWDcM+h5Il8izZCtRVpDUfwpoFf7eOtajT3QiGR4yDUx7lPqHJULgbg==", - "optional": true, - "requires": { - "follow-redirects": "^1.15.4", - "form-data": "^4.0.0", - "proxy-from-env": "^1.1.0" - } - }, "babel-jest": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", @@ -7575,11 +7182,6 @@ "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", "dev": true }, - "bn.js": { - "version": "4.12.0", - "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" - }, "body-parser": { "version": "1.20.2", "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", @@ -7628,11 +7230,6 @@ "fill-range": "^7.0.1" } }, - "brorand": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/brorand/-/brorand-1.1.0.tgz", - "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=" - }, "browserslist": { "version": "4.22.1", "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.22.1.tgz", @@ -7662,7 +7259,7 @@ "buffer-equal-constant-time": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", - "integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=" + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" }, "buffer-from": { "version": "1.1.1", @@ -7798,21 +7395,6 @@ "readdirp": "~3.6.0" } }, - "chromedriver": { - "version": "120.0.1", - "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-120.0.1.tgz", - "integrity": "sha512-ETTJlkibcAmvoKsaEoq2TFqEsJw18N0O9gOQZX6Uv/XoEiOV8p+IZdidMeIRYELWJIgCZESvlOx5d1QVnB4v0w==", - "optional": true, - "requires": { - "@testim/chrome-version": "^1.1.4", - "axios": "^1.6.0", - "compare-versions": "^6.1.0", - "extract-zip": "^2.0.1", - "https-proxy-agent": "^5.0.1", - "proxy-from-env": "^1.1.0", - "tcp-port-used": "^1.0.2" - } - }, "ci-info": { "version": "3.9.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", @@ -7888,21 +7470,6 @@ "text-hex": "1.0.x" } }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "optional": true, - "requires": { - "delayed-stream": "~1.0.0" - } - }, - "compare-versions": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", - "integrity": "sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg==", - "optional": true - }, "compressible": { "version": "2.0.18", "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz", @@ -8077,7 +7644,7 @@ "version": "0.1.3", "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz", "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=", - "devOptional": true + "dev": true }, "deepmerge": { "version": "4.3.1", @@ -8095,12 +7662,6 @@ "gopd": "^1.0.1" } }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "optional": true - }, "depd": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", @@ -8151,20 +7712,6 @@ "integrity": "sha512-kMGVZLP65O2/oH7zzaoIA5hcr4/xPYO6Sa83FrIpWcd7YPPtSlxqwxTd8lJIwKxaiXM6FGsYK4ukyJ40XkW7jg==", "dev": true }, - "elliptic": { - "version": "6.5.4", - "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz", - "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==", - "requires": { - "bn.js": "^4.11.9", - "brorand": "^1.1.0", - "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.1", - "inherits": "^2.0.4", - "minimalistic-assert": "^1.0.1", - "minimalistic-crypto-utils": "^1.0.1" - } - }, "emittery": { "version": "0.13.1", "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", @@ -8187,15 +7734,6 @@ "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==" }, - "end-of-stream": { - "version": "1.4.4", - "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", - "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", - "optional": true, - "requires": { - "once": "^1.4.0" - } - }, "error-ex": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", @@ -8483,29 +8021,6 @@ } } }, - "extract-zip": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-2.0.1.tgz", - "integrity": "sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg==", - "optional": true, - "requires": { - "@types/yauzl": "^2.9.1", - "debug": "^4.1.1", - "get-stream": "^5.1.0", - "yauzl": "^2.10.0" - }, - "dependencies": { - "get-stream": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", - "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", - "optional": true, - "requires": { - "pump": "^3.0.0" - } - } - } - }, "fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", @@ -8628,23 +8143,6 @@ "resolved": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==" }, - "follow-redirects": { - "version": "1.15.5", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.5.tgz", - "integrity": "sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==", - "optional": true - }, - "form-data": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", - "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", - "optional": true, - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, "forwarded": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", @@ -8802,15 +8300,6 @@ "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==" }, - "hash.js": { - "version": "1.1.7", - "resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.7.tgz", - "integrity": "sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA==", - "requires": { - "inherits": "^2.0.3", - "minimalistic-assert": "^1.0.1" - } - }, "hasown": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", @@ -8824,16 +8313,6 @@ "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz", "integrity": "sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==" }, - "hmac-drbg": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz", - "integrity": "sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=", - "requires": { - "hash.js": "^1.0.3", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.1" - } - }, "html-escaper": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", @@ -8852,16 +8331,6 @@ "toidentifier": "1.0.1" } }, - "https-proxy-agent": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", - "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", - "optional": true, - "requires": { - "agent-base": "6", - "debug": "4" - } - }, "human-signals": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", @@ -9001,31 +8470,6 @@ "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==" }, - "is-url": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/is-url/-/is-url-1.2.4.tgz", - "integrity": "sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww==", - "optional": true - }, - "is2": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/is2/-/is2-2.0.6.tgz", - "integrity": "sha512-+Z62OHOjA6k2sUDOKXoZI3EXv7Fb1K52jpTBLbkfx62bcUeSsrTBLhEquCRDKTx0XE5XbHcG/S2vrtE3lnEDsQ==", - "optional": true, - "requires": { - "deep-is": "^0.1.3", - "ip-regex": "^4.1.0", - "is-url": "^1.2.4" - }, - "dependencies": { - "ip-regex": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-4.3.0.tgz", - "integrity": "sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==", - "optional": true - } - } - }, "isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", @@ -9622,16 +9066,6 @@ "safe-buffer": "^5.0.1" } }, - "jwk-to-pem": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/jwk-to-pem/-/jwk-to-pem-2.0.5.tgz", - "integrity": "sha512-L90jwellhO8jRKYwbssU9ifaMVqajzj3fpRjDKcsDzrslU9syRbFqfkXtT4B89HYAap+xsxNcxgBSB09ig+a7A==", - "requires": { - "asn1.js": "^5.3.0", - "elliptic": "^6.5.4", - "safe-buffer": "^5.0.1" - } - }, "jws": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", @@ -9641,15 +9075,6 @@ "safe-buffer": "^5.0.1" } }, - "keycloak-connect": { - "version": "24.0.1", - "resolved": "https://registry.npmjs.org/keycloak-connect/-/keycloak-connect-24.0.1.tgz", - "integrity": "sha512-DlXI6fPR+t58pKVECxvOua5S/rws0CU3yz2juxKQor4b8PKoY0sN/QZ2vxBGPHmvMKtH8VodmPJA2k/VoiD5uw==", - "requires": { - "chromedriver": "latest", - "jwk-to-pem": "^2.0.0" - } - }, "kleur": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", @@ -9708,32 +9133,32 @@ "lodash.includes": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", - "integrity": "sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=" + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" }, "lodash.isboolean": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", - "integrity": "sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=" + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" }, "lodash.isinteger": { "version": "4.0.4", "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", - "integrity": "sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=" + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" }, "lodash.isnumber": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", - "integrity": "sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=" + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" }, "lodash.isplainobject": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", - "integrity": "sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=" + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" }, "lodash.isstring": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", - "integrity": "sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=" + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" }, "lodash.merge": { "version": "4.6.2", @@ -9744,7 +9169,7 @@ "lodash.once": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=" + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" }, "logform": { "version": "2.6.0", @@ -9860,16 +9285,6 @@ "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", "dev": true }, - "minimalistic-assert": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", - "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==" - }, - "minimalistic-crypto-utils": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz", - "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=" - }, "minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -10003,7 +9418,7 @@ "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", - "devOptional": true, + "dev": true, "requires": { "wrappy": "1" } @@ -10238,28 +9653,12 @@ "ipaddr.js": "1.9.1" } }, - "proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", - "optional": true - }, "pstree.remy": { "version": "1.1.8", "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz", "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==", "dev": true }, - "pump": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", - "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", - "optional": true, - "requires": { - "end-of-stream": "^1.1.0", - "once": "^1.3.1" - } - }, "punycode": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", @@ -10679,33 +10078,6 @@ "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", "dev": true }, - "tcp-port-used": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/tcp-port-used/-/tcp-port-used-1.0.2.tgz", - "integrity": "sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==", - "optional": true, - "requires": { - "debug": "4.3.1", - "is2": "^2.0.6" - }, - "dependencies": { - "debug": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", - "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", - "optional": true, - "requires": { - "ms": "2.1.2" - } - }, - "ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "optional": true - } - } - }, "telejson": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/telejson/-/telejson-7.2.0.tgz", @@ -10997,7 +10369,7 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", - "devOptional": true + "dev": true }, "write-file-atomic": { "version": "4.0.2", diff --git a/app/package.json b/app/package.json index a8bfc06..ad4b0c4 100644 --- a/app/package.json +++ b/app/package.json @@ -42,7 +42,6 @@ "helmet": "^7.1.0", "js-yaml": "^4.1.0", "jsonwebtoken": "^9.0.2", - "keycloak-connect": "^24.0.1", "lockfile": "^1.0.4", "mime-types": "^2.1.35", "multer": "^1.4.4-lts.1", diff --git a/app/src/components/keycloak.js b/app/src/components/keycloak.js deleted file mode 100644 index d4b5283..0000000 --- a/app/src/components/keycloak.js +++ /dev/null @@ -1,16 +0,0 @@ -const config = require('config'); -const Keycloak = require('keycloak-connect'); - -module.exports = new Keycloak({}, { - bearerOnly: true, - 'confidential-port': 0, - clientId: config.has('keycloak.clientId') ? config.get('keycloak.clientId') : undefined, - 'policy-enforcer': {}, - realm: config.has('keycloak.realm') ? config.get('keycloak.realm') : undefined, - realmPublicKey: config.has('keycloak.publicKey') ? config.get('keycloak.publicKey') : undefined, - secret: config.has('keycloak.clientSecret') ? config.get('keycloak.clientSecret') : undefined, - serverUrl: config.has('keycloak.serverUrl') ? config.get('keycloak.serverUrl') : undefined, - 'ssl-required': 'external', - 'use-resource-role-mappings': false, - 'verify-token-audience': true -}); diff --git a/app/src/components/utils.js b/app/src/components/utils.js index 10bdf83..a16cccb 100644 --- a/app/src/components/utils.js +++ b/app/src/components/utils.js @@ -1,3 +1,4 @@ +const config = require('config'); const { existsSync, readFileSync } = require('fs'); const { join } = require('path'); const { v4: uuidv4 } = require('uuid'); @@ -39,6 +40,31 @@ module.exports = { return `${name}.${extension}`; }, + /** + * @function getConfigBoolean + * Gets the value of a boolean node-config key. + * Keys that don't exist in the config are automatically converted to `false`, + * thus avoiding the need to either call `config.has()` first, or wrap `config.get()` + * inside a try-catch block every time. + * @param {string} key the configuration value to look up. Must be either true, false, or not exist in the config. + * @returns {boolean} `true` if key exists in config and is true, `false` otherwise + */ + getConfigBoolean(key) { + try { + const getConfig = config.get(key); + + // isTruthy() can't handle undefined / null, so we have to do that here + // @see {@link https://github.com/node-config/node-config/wiki/Common-Usage#using-config-values} + if (getConfig === undefined || getConfig === null) return false; + else { + return module.exports.isTruthy(getConfig); + } + } + catch (e) { + return false; + } + }, + /** * @function getFileExtension * From a string representing a filename, get the extension if there is one @@ -77,6 +103,20 @@ module.exports = { } }, + /** + * @function isTruthy + * Returns true if the element name in the object contains a truthy value + * @param {object} value The object to evaluate + * @returns {boolean} True if truthy, false if not, and undefined if undefined + */ + isTruthy(value) { + if (value === undefined) return value; + + const isStr = typeof value === 'string' || value instanceof String; + const trueStrings = ['true', 't', 'yes', 'y', '1']; + return value === true || value === 1 || isStr && trueStrings.includes(value.toLowerCase()); + }, + /** * @function prettyStringify * Returns a pretty JSON representation of an object diff --git a/app/src/docs/index.js b/app/src/docs/index.js index f327f7e..4804a7d 100644 --- a/app/src/docs/index.js +++ b/app/src/docs/index.js @@ -2,6 +2,7 @@ const config = require('config'); const fs = require('fs'); const path = require('path'); const { load } = require('js-yaml'); +const { getConfigBoolean } = require('../components/utils'); module.exports = { /** @@ -44,7 +45,7 @@ module.exports = { const spec = load(rawSpec); spec.servers[0].url = `/api/${version}`; - if (config.has('keycloak.enabled')) { + if (getConfigBoolean('keycloak.enabled')) { // Dynamically update OIDC endpoint url spec.components.securitySchemes.OpenID.openIdConnectUrl = `${config.get('keycloak.serverUrl')}/realms/${config.get('keycloak.realm')}/.well-known/openid-configuration`; } else { diff --git a/app/src/docs/v2.api-spec.yaml b/app/src/docs/v2.api-spec.yaml index 3409841..6279579 100644 --- a/app/src/docs/v2.api-spec.yaml +++ b/app/src/docs/v2.api-spec.yaml @@ -34,6 +34,8 @@ paths: application/json: schema: $ref: "#/components/schemas/FileTypes" + "401": + $ref: "#/components/responses/UnauthorizedError" default: description: Unexpected error content: @@ -51,6 +53,8 @@ paths: responses: "200": description: Indicates API is running + "401": + $ref: "#/components/responses/UnauthorizedError" default: description: Unexpected error content: @@ -92,6 +96,8 @@ paths: example: 742d642a4704eb1babd8122ce0f03f209354279ae8292bb3961d13e21578b855 "400": $ref: "#/components/responses/BadRequest" + "401": + $ref: "#/components/responses/UnauthorizedError" "405": description: Template already cached content: @@ -165,6 +171,8 @@ paths: description: Raw binary-encoded response "400": $ref: "#/components/responses/BadRequest" + "401": + $ref: "#/components/responses/UnauthorizedError" "404": $ref: "#/components/responses/NotFound" default: @@ -265,6 +273,8 @@ paths: example: 742d642a4704eb1babd8122ce0f03f209354279ae8292bb3961d13e21578b855 "400": $ref: "#/components/responses/BadRequest" + "401": + $ref: "#/components/responses/UnauthorizedError" "405": $ref: "#/components/responses/MethodNotAllowed" "422": @@ -333,6 +343,8 @@ paths: example: 742d642a4704eb1babd8122ce0f03f209354279ae8292bb3961d13e21578b855 "400": $ref: "#/components/responses/BadRequest" + "401": + $ref: "#/components/responses/UnauthorizedError" "405": $ref: "#/components/responses/MethodNotAllowed" "422": @@ -512,6 +524,17 @@ components: - $ref: "#/components/schemas/InlineTemplateObject" - type: object description: An object containing the document template to merge into + UnauthorizedError: + allOf: + - $ref: "#/components/schemas/Problem" + - type: object + properties: + status: + example: 401 + title: + example: Unauthorized + type: + example: "https://httpstatuses.com/401" ValidationError: allOf: - $ref: "#/components/schemas/Problem" @@ -571,6 +594,10 @@ components: $ref: "#/components/schemas/NotFound" UnauthorizedError: description: Access token is missing or invalid + content: + application/json: + schema: + $ref: "#/components/schemas/UnauthorizedError" UnprocessableEntity: description: >- The server was unable to process the contained instructions. Generally diff --git a/app/src/middleware/authorization.js b/app/src/middleware/authorization.js index 7b08de6..f8b34e4 100644 --- a/app/src/middleware/authorization.js +++ b/app/src/middleware/authorization.js @@ -1,19 +1,59 @@ const config = require('config'); +const jwt = require('jsonwebtoken'); +const Problem = require('api-problem'); -const keycloak = require('../components/keycloak'); +const { getConfigBoolean } = require('../components/utils'); + +/** + * @function _spkiWrapper + * Wraps an SPKI key with PEM header and footer + * @param {string} spki The PEM-encoded Simple public-key infrastructure string + * @returns {string} The PEM-encoded SPKI with PEM header and footer + */ +const _spkiWrapper = (spki) => `-----BEGIN PUBLIC KEY-----\n${spki}\n-----END PUBLIC KEY-----`; module.exports = { /** - * @function protect - * Enables keycloak protect only if environment has it enabled - * @param {string} [role=undefined] Keycloak protect role-based authorization - * @returns {function} An express/connect compatible middleware function + * Enables JWT verification only if environment has it enabled. */ - protect: (role = undefined) => { - if (config.has('keycloak.enabled')) { - return keycloak.protect(role); + authenticate: (req, res, next) => { + + if (getConfigBoolean('keycloak.enabled')) { + const authorization = req.get('Authorization'); + if (!authorization || !authorization.startsWith('Bearer ')) { + return new Problem(401, { + detail: 'An authorization header of the format "Bearer {token}" is required' + }).send(res); + } + const bearerToken = authorization.substring(7); + + try { + const publicKey = config.get('keycloak.publicKey'); + const pemKey = publicKey.startsWith('-----BEGIN') ? publicKey : _spkiWrapper(publicKey); + + jwt.verify(bearerToken, pemKey, { + issuer: `${config.get('keycloak.serverUrl')}/realms/${config.get('keycloak.realm')}` + }); + next(); + + } catch (err) { + if (err instanceof jwt.JsonWebTokenError || err instanceof jwt.TokenExpiredError || err instanceof jwt.NotBeforeError) { + return new Problem(401, { + detail: err.message + }).send(res); + } + else { + // Return HTTP 401 only for JWT errors; the rest should be HTTP 500 + if (!config.has('keycloak.publicKey')) { + throw new Error('OIDC environment variable KC_PUBLICKEY or keycloak.publicKey must be defined'); + } else { + throw(err); + } + } + } + } else { - return (_req, _res, next) => next(); + next(); } } }; diff --git a/app/src/routes/v2/index.js b/app/src/routes/v2/index.js index e4b41a5..868fc82 100644 --- a/app/src/routes/v2/index.js +++ b/app/src/routes/v2/index.js @@ -5,7 +5,7 @@ const fileTypesRouter = require('./fileTypes'); const healthRouter = require('./health'); const templateRouter = require('./template'); -const { protect } = require('../../middleware/authorization'); +const { authenticate } = require('../../middleware/authorization'); const { getDocs, getJsonSpec, getYamlSpec } = require('../../middleware/openapi'); const version = 'v2'; @@ -46,12 +46,12 @@ router.get('/api-spec.yaml', docsHelmet, getYamlSpec(version)); router.get('/docs', docsHelmet, getDocs(version)); /** File Types Router */ -router.get('/fileTypes', protect(), fileTypesRouter); +router.get('/fileTypes', authenticate, fileTypesRouter); /** Health Router */ -router.use('/health', protect(), healthRouter); +router.use('/health', authenticate, healthRouter); /** Template Router */ -router.use('/template', protect(), templateRouter); +router.use('/template', authenticate, templateRouter); module.exports = router; diff --git a/app/tests/unit/components/authorization.spec.js b/app/tests/unit/components/authorization.spec.js new file mode 100644 index 0000000..595dd99 --- /dev/null +++ b/app/tests/unit/components/authorization.spec.js @@ -0,0 +1,188 @@ +const config = require('config'); +const jwt = require('jsonwebtoken'); + +const { getConfigBoolean } = require('../../../src/components/utils'); +const { authenticate } = require('../../../src/middleware/authorization'); +const Problem = require('api-problem'); + +jest.mock('config'); +jest.mock('jsonwebtoken'); +jest.mock('../../../src/components/utils'); // getConfigBoolean + +const mockReq = { + get: jest.fn() +}; +const mockRes = jest.fn(); +const mockNext = jest.fn(); + +describe('authenticate (keycloak.enabled = false)', () => { + + beforeEach(() => { + jest.resetAllMocks(); + getConfigBoolean.mockReturnValueOnce(false); + }); + + afterAll(() => { + jest.restoreAllMocks(); + }); + + it('does not validate JWT when keycloak is disabled in the config', () => { + authenticate(mockReq, mockRes, mockNext); + + expect(getConfigBoolean).toHaveBeenCalledTimes(1); + expect(mockReq.get).toHaveBeenCalledTimes(0); + expect(mockNext).toHaveBeenCalledTimes(1); + }); +}); + +describe('authenticate (keycloak.enabled = true)', () => { + + const authHeader = 'Bearer xxxxx'; + const publicKey = '-----BEGIN PUBLIC KEY-----\ninsert_spki_here\n-----END PUBLIC KEY-----'; + const keycloakServerUrl = 'https://dev.loginproxy.gov.bc.ca/auth'; + const keycloakRealm = 'comsvcauth'; + + beforeEach(() => { + jest.resetAllMocks(); + getConfigBoolean.mockReturnValueOnce(true); + }); + + afterAll(() => { + jest.restoreAllMocks(); + }); + + it('authenticates when keycloak is enabled and JWT is valid', () => { + mockReq.get.mockReturnValueOnce(authHeader); + config.has.mockReturnValueOnce(true); // keycloak.publicKey + config.get.mockReturnValueOnce(publicKey); + config.get.mockReturnValueOnce(keycloakServerUrl); + config.get.mockReturnValueOnce(keycloakRealm); + jwt.verify.mockReturnValueOnce(undefined); // jwt.verify throws error on fail; it doesn't return anything on success + + authenticate(mockReq, mockRes, mockNext); + + expect(getConfigBoolean).toHaveBeenCalledTimes(1); + expect(config.get).toHaveBeenCalledTimes(3); + expect(jwt.verify).toHaveBeenCalledTimes(1); + + expect(mockNext).toHaveBeenCalledTimes(1); + }); + + it('throws an error when Keycloak server public key is not defined in config', () => { + mockReq.get.mockReturnValueOnce(authHeader); + config.has.mockReturnValueOnce(false); // keycloak.publicKey + + expect(() => { + authenticate(mockReq, mockRes, mockNext); + }).toThrow(Error); + + expect(config.has).toHaveBeenCalledTimes(1); + expect(config.get).toHaveBeenCalledTimes(1); + expect(jwt.verify).toHaveBeenCalledTimes(0); + expect(mockNext).toHaveBeenCalledTimes(0); + }); + + it('throws an error when Keycloak server URL is not defined in config', () => { + mockReq.get.mockReturnValueOnce(authHeader); + config.has.mockReturnValueOnce(true); // keycloak.publicKey + config.get.mockReturnValueOnce(publicKey); + config.get.mockImplementation(() => { + throw new Error(); + }); + config.get.mockReturnValueOnce(keycloakRealm); + + expect(() => { + authenticate(mockReq, mockRes, mockNext); + }).toThrow(Error); + + expect(config.has).toHaveBeenCalledTimes(1); + expect(config.get).toHaveBeenCalledTimes(3); + expect(jwt.verify).toHaveBeenCalledTimes(0); + expect(mockNext).toHaveBeenCalledTimes(0); + }); + + it('throws an error when Keycloak realm is not defined in config', () => { + mockReq.get.mockReturnValueOnce(authHeader); + config.has.mockReturnValueOnce(true); // keycloak.publicKey + config.get.mockReturnValueOnce(publicKey); + config.get.mockReturnValueOnce(keycloakServerUrl); + config.get.mockImplementation(() => { + throw new Error(); + }); + + expect(() => { + authenticate(mockReq, mockRes, mockNext); + }).toThrow(Error); + + expect(config.has).toHaveBeenCalledTimes(1); + expect(config.get).toHaveBeenCalledTimes(3); + expect(jwt.verify).toHaveBeenCalledTimes(0); + expect(mockNext).toHaveBeenCalledTimes(0); + }); + + it('fails when JWT is expired', () => { + const apiProblemSpy = jest.spyOn(Problem.prototype, 'send').mockImplementation(() => this); + + mockReq.get.mockReturnValueOnce(authHeader); + config.has.mockReturnValueOnce(true); // keycloak.publicKey + config.get.mockReturnValueOnce(publicKey); + jwt.verify.mockImplementation(() => { + throw new jwt.TokenExpiredError({ + name: 'TokenExpiredError', + message: 'jwt expired', + expiredAt: 1408621000 + }); + }); + + authenticate(mockReq, mockRes, mockNext); + + expect(getConfigBoolean).toHaveBeenCalledTimes(1); + expect(config.get).toHaveBeenCalledTimes(3); + expect(apiProblemSpy).toHaveBeenCalledTimes(1); + expect(mockNext).toHaveBeenCalledTimes(0); + }); + + it('fails when JWT is not valid yet', () => { + const apiProblemSpy = jest.spyOn(Problem.prototype, 'send').mockImplementation(() => this); + + mockReq.get.mockReturnValueOnce(authHeader); + config.has.mockReturnValueOnce(true); // keycloak.publicKey + config.get.mockReturnValueOnce(publicKey); + jwt.verify.mockImplementation(() => { + throw new jwt.NotBeforeError({ + name: 'NotBeforeError', + message: 'jwt not active', + date: '2018-10-04T16:10:44.000Z' + }); + }); + + authenticate(mockReq, mockRes, mockNext); + + expect(getConfigBoolean).toHaveBeenCalledTimes(1); + expect(config.get).toHaveBeenCalledTimes(3); + expect(apiProblemSpy).toHaveBeenCalledTimes(1); + expect(mockNext).toHaveBeenCalledTimes(0); + }); + + it('fails when JWT is malformed', () => { + const apiProblemSpy = jest.spyOn(Problem.prototype, 'send').mockImplementation(() => this); + + mockReq.get.mockReturnValueOnce(authHeader); + config.has.mockReturnValueOnce(true); // keycloak.publicKey + config.get.mockReturnValueOnce(publicKey); + jwt.verify.mockImplementation(() => { + throw new jwt.JsonWebTokenError({ + name: 'JsonWebTokenError', + message: 'jwt malformed', + }); + }); + + authenticate(mockReq, mockRes, mockNext); + + expect(getConfigBoolean).toHaveBeenCalledTimes(1); + expect(config.get).toHaveBeenCalledTimes(3); + expect(apiProblemSpy).toHaveBeenCalledTimes(1); + expect(mockNext).toHaveBeenCalledTimes(0); + }); + +});