-
Notifications
You must be signed in to change notification settings - Fork 436
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #731 from damienbod/fabiangosebrink/add-config-val…
…idation Fabiangosebrink/add config validation
- Loading branch information
Showing
19 changed files
with
279 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
93 changes: 93 additions & 0 deletions
93
...ects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| import { TestBed } from '@angular/core/testing'; | ||
| import { LogLevel } from '../logging/log-level'; | ||
| import { LoggerService } from '../logging/logger.service'; | ||
| import { LoggerServiceMock } from '../logging/logger.service-mock'; | ||
| import { ConfigValidationService } from './config-validation.service'; | ||
|
|
||
| describe('Config Validation Service', () => { | ||
| let configValidationService: ConfigValidationService; | ||
| let loggerService: LoggerService; | ||
|
|
||
| beforeEach(() => { | ||
| TestBed.configureTestingModule({ | ||
| providers: [ConfigValidationService, { provide: LoggerService, useClass: LoggerServiceMock }], | ||
| }); | ||
| }); | ||
|
|
||
| const VALID_CONFIG = { | ||
| stsServer: 'https://offeringsolutions-sts.azurewebsites.net', | ||
| redirectUrl: window.location.origin, | ||
| postLogoutRedirectUri: window.location.origin, | ||
| clientId: 'angularClient', | ||
| scope: 'openid profile email', | ||
| responseType: 'code', | ||
| silentRenew: true, | ||
| silentRenewUrl: `${window.location.origin}/silent-renew.html`, | ||
| renewTimeBeforeTokenExpiresInSeconds: 10, | ||
| logLevel: LogLevel.Debug, | ||
| }; | ||
|
|
||
| beforeEach(() => { | ||
| configValidationService = TestBed.inject(ConfigValidationService); | ||
| loggerService = TestBed.inject(LoggerService); | ||
| }); | ||
|
|
||
| it('should create', () => { | ||
| expect(configValidationService).toBeTruthy(); | ||
| }); | ||
|
|
||
| it('should return false for empty config', () => { | ||
| const config = {}; | ||
| const result = configValidationService.validateConfig(config); | ||
| expect(result).toBeFalse(); | ||
| }); | ||
|
|
||
| it('should return true for valid config', () => { | ||
| const result = configValidationService.validateConfig(VALID_CONFIG); | ||
| expect(result).toBeTrue(); | ||
| }); | ||
|
|
||
| describe('ensure-clientId.rule', () => { | ||
| it('return false when no clientId is set', () => { | ||
| const config = { ...VALID_CONFIG, clientId: null }; | ||
| const result = configValidationService.validateConfig(config); | ||
| expect(result).toBeFalse(); | ||
| }); | ||
| }); | ||
|
|
||
| describe('ensure-sts-server.rule', () => { | ||
| it('return false when no sts server is set', () => { | ||
| const config = { ...VALID_CONFIG, stsServer: null }; | ||
| const result = configValidationService.validateConfig(config); | ||
| expect(result).toBeFalse(); | ||
| }); | ||
| }); | ||
|
|
||
| describe('ensure-redirect-url.rule', () => { | ||
| it('return false for no redirect Url', () => { | ||
| const config = { ...VALID_CONFIG, redirectUrl: '' }; | ||
| const result = configValidationService.validateConfig(config); | ||
| expect(result).toBeFalse(); | ||
| }); | ||
| }); | ||
|
|
||
| describe('ensureSilentRenewUrlWhenNoRefreshTokenUsed', () => { | ||
| it('return false when silent renew is used with no useRefreshToken and no silentrenewUrl', () => { | ||
| const config = { ...VALID_CONFIG, silentRenew: true, useRefreshToken: false, silentRenewUrl: null }; | ||
| const result = configValidationService.validateConfig(config); | ||
| expect(result).toBeFalse(); | ||
| }); | ||
| }); | ||
|
|
||
| describe('use-offline-scope-with-silent-renew.rule', () => { | ||
| it('return true but warning when silent renew is used with useRefreshToken but no offline_access scope is given', () => { | ||
| const config = { ...VALID_CONFIG, silentRenew: true, useRefreshToken: true, scopes: 'scope1 scope2 but_no_offline_access' }; | ||
|
|
||
| const loggerSpy = spyOn(loggerService, 'logError'); | ||
|
|
||
| const result = configValidationService.validateConfig(config); | ||
| expect(result).toBeFalse(); | ||
| expect(loggerSpy).toHaveBeenCalled(); | ||
| }); | ||
| }); | ||
| }); |
28 changes: 28 additions & 0 deletions
28
projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| import { Injectable } from '@angular/core'; | ||
| import { OpenIdConfiguration } from '../angular-auth-oidc-client'; | ||
| import { LoggerService } from '../logging/logger.service'; | ||
| import { Level, RuleValidationResult } from './rule'; | ||
| import { allRules } from './rules'; | ||
|
|
||
| @Injectable({ providedIn: 'root' }) | ||
| export class ConfigValidationService { | ||
| constructor(private loggerService: LoggerService) {} | ||
|
|
||
| validateConfig(passedConfig: OpenIdConfiguration): boolean { | ||
| const allValidationResults = allRules.map((rule) => rule(passedConfig)); | ||
|
|
||
| const allMessages = allValidationResults.filter((x) => x.messages.length > 0); | ||
|
|
||
| const allErrorMessages = this.getAllMessagesOfType('error', allMessages); | ||
| const allWarnings = this.getAllMessagesOfType('warning', allMessages); | ||
| allErrorMessages.map((message) => this.loggerService.logError(message)); | ||
| allWarnings.map((message) => this.loggerService.logWarning(message)); | ||
|
|
||
| return allErrorMessages.length === 0; | ||
| } | ||
|
|
||
| private getAllMessagesOfType(type: Level, results: RuleValidationResult[]) { | ||
| const allMessages = results.filter((x) => x.level === type).map((result) => result.messages); | ||
| return allMessages.reduce((acc, val) => acc.concat(val), []); | ||
| } | ||
| } |
19 changes: 19 additions & 0 deletions
19
projects/angular-auth-oidc-client/src/lib/config-validation/rule.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| import { OpenIdConfiguration } from '../config/openid-configuration'; | ||
|
|
||
| export interface Rule { | ||
| validate(passedConfig: OpenIdConfiguration): RuleValidationResult; | ||
| } | ||
|
|
||
| export interface RuleValidationResult { | ||
| result: boolean; | ||
| messages: string[]; | ||
| level: Level; | ||
| } | ||
|
|
||
| export const POSITIVE_VALIDATION_RESULT = { | ||
| result: true, | ||
| messages: [], | ||
| level: null, | ||
| }; | ||
|
|
||
| export type Level = 'warning' | 'error'; |
14 changes: 14 additions & 0 deletions
14
projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-clientId.rule.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| import { OpenIdConfiguration } from '../../config/openid-configuration'; | ||
| import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule'; | ||
|
|
||
| export function ensureClientId(passedConfig: OpenIdConfiguration): RuleValidationResult { | ||
| if (!passedConfig.clientId) { | ||
| return { | ||
| result: false, | ||
| messages: ['The clientId is required and missing from your config!'], | ||
| level: 'error', | ||
| }; | ||
| } | ||
|
|
||
| return POSITIVE_VALIDATION_RESULT; | ||
| } |
14 changes: 14 additions & 0 deletions
14
...ects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| import { OpenIdConfiguration } from '../../config/openid-configuration'; | ||
| import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule'; | ||
|
|
||
| export function ensureRedirectRule(passedConfig: OpenIdConfiguration): RuleValidationResult { | ||
| if (!passedConfig.redirectUrl) { | ||
| return { | ||
| result: false, | ||
| messages: ['The redirectURL is required and missing from your config'], | ||
| level: 'error', | ||
| }; | ||
| } | ||
|
|
||
| return POSITIVE_VALIDATION_RESULT; | ||
| } |
18 changes: 18 additions & 0 deletions
18
...lient/src/lib/config-validation/rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| import { OpenIdConfiguration } from '../../config/openid-configuration'; | ||
| import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule'; | ||
|
|
||
| export function ensureSilentRenewUrlWhenNoRefreshTokenUsed(passedConfig: OpenIdConfiguration): RuleValidationResult { | ||
| const usesSilentRenew = passedConfig.silentRenew; | ||
| const usesRefreshToken = passedConfig.useRefreshToken; | ||
| const hasSilentRenewUrl = passedConfig.silentRenewUrl; | ||
|
|
||
| if (usesSilentRenew && !usesRefreshToken && !hasSilentRenewUrl) { | ||
| return { | ||
| result: false, | ||
| messages: ['Please provide a silent renew URL if using renew and not refresh tokens'], | ||
| level: 'error', | ||
| }; | ||
| } | ||
|
|
||
| return POSITIVE_VALIDATION_RESULT; | ||
| } |
14 changes: 14 additions & 0 deletions
14
projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-sts-server.rule.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| import { OpenIdConfiguration } from '../../config/openid-configuration'; | ||
| import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule'; | ||
|
|
||
| export function ensureStsServer(passedConfig: OpenIdConfiguration): RuleValidationResult { | ||
| if (!passedConfig.stsServer) { | ||
| return { | ||
| result: false, | ||
| messages: ['The STS URL MUST be provided in the configuration!'], | ||
| level: 'error', | ||
| }; | ||
| } | ||
|
|
||
| return POSITIVE_VALIDATION_RESULT; | ||
| } |
13 changes: 13 additions & 0 deletions
13
projects/angular-auth-oidc-client/src/lib/config-validation/rules/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| import { ensureClientId } from './ensure-clientId.rule'; | ||
| import { ensureRedirectRule } from './ensure-redirect-url.rule'; | ||
| import { ensureSilentRenewUrlWhenNoRefreshTokenUsed } from './ensure-silentRenewUrl-with-no-refreshtokens.rule'; | ||
| import { ensureStsServer } from './ensure-sts-server.rule'; | ||
| import { useOfflineScopeWithSilentRenew } from './use-offline-scope-with-silent-renew.rule'; | ||
|
|
||
| export const allRules = [ | ||
| ensureStsServer, | ||
| useOfflineScopeWithSilentRenew, | ||
| ensureRedirectRule, | ||
| ensureClientId, | ||
| ensureSilentRenewUrlWhenNoRefreshTokenUsed, | ||
| ]; |
19 changes: 19 additions & 0 deletions
19
...h-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| import { OpenIdConfiguration } from '../../config/openid-configuration'; | ||
| import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule'; | ||
|
|
||
| export function useOfflineScopeWithSilentRenew(passedConfig: OpenIdConfiguration): RuleValidationResult { | ||
| const hasRefreshToken = passedConfig.useRefreshToken; | ||
| const hasSilentRenew = passedConfig.silentRenew; | ||
| const scope = passedConfig.scope || ''; | ||
| const hasOfflineScope = scope.split(' ').includes('offline_access'); | ||
|
|
||
| if (hasRefreshToken && hasSilentRenew && !hasOfflineScope) { | ||
| return { | ||
| result: false, | ||
| messages: ['When using silent renew and refresh tokens please set the `offline_access` scope'], | ||
| level: 'error', | ||
| }; | ||
| } | ||
|
|
||
| return POSITIVE_VALIDATION_RESULT; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.