diff --git a/README.md b/README.md index a4df2a53..8c0965ec 100644 --- a/README.md +++ b/README.md @@ -108,13 +108,48 @@ Sample configuration file setting the server port and database url: } ``` - ##### Step 4. Run the app ``` node ./bin/www ``` +### Configuring Workbench to Enable OIDC Authentication for Users + +Workbench supports OIDC authentication for users, allowing you to integrate Workbench with your organization's authentication system. + +#### Registering with the OIDC Server + +In order to use OIDC authentication, your Workbench instance must be registered with your organization's OIDC authentication server. +The details depend on your authentication server, but the following values should cover most of what you need: + +* Workbench uses the *Authorization Code Flow* for authenticating users +* Claims: + +| claim | required | description | +|------------------------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------| +| **email** | yes | Identifies the user account associated with an authenticated user | +| **preferred_username** | no | If present, the `preferred_username` claim is used to set the `name` property of the user account when the user initially registers with Workbench | +| **name** | no | If present, the `name` claim is used to set the `displayName` property of the user account when the user initially registers with Workbench | + +* Grant Types: *Client Credentials*, *Authorization Code* and *Refresh Token* +* Redirect URL: `/api/authn/oidc/callback` + +After registering with the OIDC authentication system, you will need the `client_id` and `client_secret` assigned as part of that process. +You will also need the Issuer URL for the OIDC Identity Server. + +#### Workbench Configuration + +Configuring Workbench to use OIDC can be done using environment variables or the corresponding properties in a configuration file. + +| environment variable | required | description | configuration file property name | +|--------------------------------|----------|-------------------------------------------------------------------------------------------------------|----------------------------------| +| **AUTHN_MECHANISM** | yes | Must be set to `oidc` | userAuthn.mechanism | +| **AUTHN_OIDC_CLIENT_ID** | yes | Client ID assigned to the Workbench instance when registering with the OIDC authentication system | userAuthn.oidc.clientId | +| **AUTHN_OIDC_CLIENT_SECRET** | yes | Client secret assigned to the Workbench instance when registering with the OIDC authentication system | userAuthn.oidc.clientSecret | +| **AUTHN_OIDC_ISSUER_URL** | yes | Issuer URL for the Identity Server | userAuthn.oidc.issuerUrl | +| **AUTHN_OIDC_REDIRECT_ORIGIN** | yes | URL for the Workbench host | userAuthn.oidc.redirectOrigin | + ## Scripts `package.json` contains a number of scripts that can be used to perform recurring tasks. diff --git a/app/services/recent-activity-service.js b/app/services/recent-activity-service.js index 41d6f164..0800127b 100644 --- a/app/services/recent-activity-service.js +++ b/app/services/recent-activity-service.js @@ -4,8 +4,6 @@ const AttackObject = require('../models/attack-object-model'); const Relationship = require('../models/relationship-model'); const identitiesService = require('./identities-service'); -const logger = require('../lib/logger'); - const { lastUpdatedByQueryHelper } = require('../lib/request-parameter-helper'); const errors = { @@ -50,7 +48,7 @@ exports.retrieveAll = async function(options) { aggregation.push({ $match: query }); // Retrieve the documents - let objectDocuments = await AttackObject.aggregate(aggregation); + const objectDocuments = await AttackObject.aggregate(aggregation); // Lookup source/target refs for relationships aggregation.push({ @@ -69,8 +67,8 @@ exports.retrieveAll = async function(options) { as: 'target_objects' } }); - let relationshipDocuments = await Relationship.aggregate(aggregation); - let documents = objectDocuments.concat(relationshipDocuments); + const relationshipDocuments = await Relationship.aggregate(aggregation); + const documents = objectDocuments.concat(relationshipDocuments); // Sort by most recent documents.sort((a, b) => b.stix.modified - a.stix.modified); diff --git a/package-lock.json b/package-lock.json index bca931ea..bdd9bcee 100644 --- a/package-lock.json +++ b/package-lock.json @@ -25,7 +25,7 @@ "jwt-decode": "^3.1.2", "lodash": "^4.17.21", "migrate-mongo": "^9.0.0", - "mongoose": "^6.5.1", + "mongoose": "^6.12.0", "morgan": "^1.10.0", "nanoid": "^3.3.6", "node-cache": "^5.1.2", @@ -1493,6 +1493,15 @@ "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz", "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==" }, + "node_modules/@mongodb-js/saslprep": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.1.0.tgz", + "integrity": "sha512-Xfijy7HvfzzqiOAhAepF4SGN5e9leLkMvg/OPOF97XemjfVCYN/oWa75wnkc6mltMSTwY+XlbhWgUOJmkFspSw==", + "optional": true, + "dependencies": { + "sparse-bitfield": "^3.0.3" + } + }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", @@ -4508,9 +4517,12 @@ "integrity": "sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A==" }, "node_modules/kareem": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.4.1.tgz", - "integrity": "sha512-aJ9opVoXroQUPfovYP5kaj2lM7Jn02Gw13bL0lg9v0V7SaUc0qavPs0Eue7d2DcC3NjqI6QAUElXNsuZSeM+EA==" + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.5.1.tgz", + "integrity": "sha512-7jFxRVm+jD+rkq3kY0iZDJfsO2/t4BBPeEb2qKn2lR/9KhuksYk5hxzfRYWMPV8P/x2d0kHD306YyWLzjjH+uA==", + "engines": { + "node": ">=12.0.0" + } }, "node_modules/kuler": { "version": "2.0.0", @@ -5090,12 +5102,12 @@ } }, "node_modules/mongodb": { - "version": "4.14.0", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.14.0.tgz", - "integrity": "sha512-coGKkWXIBczZPr284tYKFLg+KbGPPLlSbdgfKAb6QqCFt5bo5VFZ50O3FFzsw4rnkqjwT6D8Qcoo9nshYKM7Mg==", + "version": "4.17.1", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.17.1.tgz", + "integrity": "sha512-MBuyYiPUPRTqfH2dV0ya4dcr2E5N52ocBuZ8Sgg/M030nGF78v855B3Z27mZJnp8PxjnUquEnAtjOsphgMZOlQ==", "dependencies": { - "bson": "^4.7.0", - "mongodb-connection-string-url": "^2.5.4", + "bson": "^4.7.2", + "mongodb-connection-string-url": "^2.6.0", "socks": "^2.7.1" }, "engines": { @@ -5103,7 +5115,7 @@ }, "optionalDependencies": { "@aws-sdk/credential-providers": "^3.186.0", - "saslprep": "^1.0.3" + "@mongodb-js/saslprep": "^1.1.0" } }, "node_modules/mongodb-connection-string-url": { @@ -5209,17 +5221,17 @@ "dev": true }, "node_modules/mongoose": { - "version": "6.5.1", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.5.1.tgz", - "integrity": "sha512-8C0213y279nrSp6Au+WB+l/VczcotMU65jalTJJxU6KYf/Kd8gNW9+B3giWNJOVd8VvKvUQG0suWv/Vngp/83A==", + "version": "6.12.0", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.12.0.tgz", + "integrity": "sha512-sd/q83C6TBRPBrrD2A/POSbA/exbCFM2WOuY7Lf2JuIJFlHFG39zYSDTTAEiYlzIfahNOLmXPxBGFxdAch41Mw==", "dependencies": { - "bson": "^4.6.5", - "kareem": "2.4.1", - "mongodb": "4.8.1", + "bson": "^4.7.2", + "kareem": "2.5.1", + "mongodb": "4.17.1", "mpath": "0.9.0", "mquery": "4.0.3", "ms": "2.1.3", - "sift": "16.0.0" + "sift": "16.0.1" }, "engines": { "node": ">=12.0.0" @@ -5229,31 +5241,6 @@ "url": "https://opencollective.com/mongoose" } }, - "node_modules/mongoose/node_modules/denque": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz", - "integrity": "sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==", - "engines": { - "node": ">=0.10" - } - }, - "node_modules/mongoose/node_modules/mongodb": { - "version": "4.8.1", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.8.1.tgz", - "integrity": "sha512-/NyiM3Ox9AwP5zrfT9TXjRKDJbXlLaUDQ9Rg//2lbg8D2A8GXV0VidYYnA/gfdK6uwbnL4FnAflH7FbGw3TS7w==", - "dependencies": { - "bson": "^4.6.5", - "denque": "^2.0.1", - "mongodb-connection-string-url": "^2.5.2", - "socks": "^2.6.2" - }, - "engines": { - "node": ">=12.9.0" - }, - "optionalDependencies": { - "saslprep": "^1.0.3" - } - }, "node_modules/mongoose/node_modules/ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", @@ -6077,18 +6064,6 @@ "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, - "node_modules/saslprep": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/saslprep/-/saslprep-1.0.3.tgz", - "integrity": "sha512-/MY/PEMbk2SuY5sScONwhUDsV2p77Znkb/q3nSVstq/yQzYJOH/Azh29p9oJLsl3LnQwSvZDKagDGBsBwSooag==", - "optional": true, - "dependencies": { - "sparse-bitfield": "^3.0.3" - }, - "engines": { - "node": ">=6" - } - }, "node_modules/semver": { "version": "7.5.4", "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", @@ -6244,9 +6219,9 @@ } }, "node_modules/sift": { - "version": "16.0.0", - "resolved": "https://registry.npmjs.org/sift/-/sift-16.0.0.tgz", - "integrity": "sha512-ILTjdP2Mv9V1kIxWMXeMTIRbOBrqKc4JAXmFMnFq3fKeyQ2Qwa3Dw1ubcye3vR+Y6ofA0b9gNDr/y2t6eUeIzQ==" + "version": "16.0.1", + "resolved": "https://registry.npmjs.org/sift/-/sift-16.0.1.tgz", + "integrity": "sha512-Wv6BjQ5zbhW7VFefWusVP33T/EM0vYikCaQ2qR8yULbsilAT8/wQaXvuQ3ptGLpoKx+lihJE3y2UTgKDyyNHZQ==" }, "node_modules/signal-exit": { "version": "3.0.3", @@ -6313,7 +6288,7 @@ "node_modules/sparse-bitfield": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/sparse-bitfield/-/sparse-bitfield-3.0.3.tgz", - "integrity": "sha1-/0rm5oZWBWuks+eSqzM004JzyhE=", + "integrity": "sha512-kvzhi7vqKTfkh0PZU+2D2PIllw2ymqJKujUcyPMd9Y75Nv4nPbGJZXNhxsgdQab2BmlDct1YnfQCguEvHr7VsQ==", "optional": true, "dependencies": { "memory-pager": "^1.0.2" @@ -8149,6 +8124,15 @@ "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz", "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==" }, + "@mongodb-js/saslprep": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.1.0.tgz", + "integrity": "sha512-Xfijy7HvfzzqiOAhAepF4SGN5e9leLkMvg/OPOF97XemjfVCYN/oWa75wnkc6mltMSTwY+XlbhWgUOJmkFspSw==", + "optional": true, + "requires": { + "sparse-bitfield": "^3.0.3" + } + }, "@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", @@ -10462,9 +10446,9 @@ "integrity": "sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A==" }, "kareem": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.4.1.tgz", - "integrity": "sha512-aJ9opVoXroQUPfovYP5kaj2lM7Jn02Gw13bL0lg9v0V7SaUc0qavPs0Eue7d2DcC3NjqI6QAUElXNsuZSeM+EA==" + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.5.1.tgz", + "integrity": "sha512-7jFxRVm+jD+rkq3kY0iZDJfsO2/t4BBPeEb2qKn2lR/9KhuksYk5hxzfRYWMPV8P/x2d0kHD306YyWLzjjH+uA==" }, "kuler": { "version": "2.0.0", @@ -10908,14 +10892,14 @@ } }, "mongodb": { - "version": "4.14.0", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.14.0.tgz", - "integrity": "sha512-coGKkWXIBczZPr284tYKFLg+KbGPPLlSbdgfKAb6QqCFt5bo5VFZ50O3FFzsw4rnkqjwT6D8Qcoo9nshYKM7Mg==", + "version": "4.17.1", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.17.1.tgz", + "integrity": "sha512-MBuyYiPUPRTqfH2dV0ya4dcr2E5N52ocBuZ8Sgg/M030nGF78v855B3Z27mZJnp8PxjnUquEnAtjOsphgMZOlQ==", "requires": { "@aws-sdk/credential-providers": "^3.186.0", - "bson": "^4.7.0", - "mongodb-connection-string-url": "^2.5.4", - "saslprep": "^1.0.3", + "@mongodb-js/saslprep": "^1.1.0", + "bson": "^4.7.2", + "mongodb-connection-string-url": "^2.6.0", "socks": "^2.7.1" } }, @@ -11002,36 +10986,19 @@ } }, "mongoose": { - "version": "6.5.1", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.5.1.tgz", - "integrity": "sha512-8C0213y279nrSp6Au+WB+l/VczcotMU65jalTJJxU6KYf/Kd8gNW9+B3giWNJOVd8VvKvUQG0suWv/Vngp/83A==", + "version": "6.12.0", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.12.0.tgz", + "integrity": "sha512-sd/q83C6TBRPBrrD2A/POSbA/exbCFM2WOuY7Lf2JuIJFlHFG39zYSDTTAEiYlzIfahNOLmXPxBGFxdAch41Mw==", "requires": { - "bson": "^4.6.5", - "kareem": "2.4.1", - "mongodb": "4.8.1", + "bson": "^4.7.2", + "kareem": "2.5.1", + "mongodb": "4.17.1", "mpath": "0.9.0", "mquery": "4.0.3", "ms": "2.1.3", - "sift": "16.0.0" + "sift": "16.0.1" }, "dependencies": { - "denque": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz", - "integrity": "sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==" - }, - "mongodb": { - "version": "4.8.1", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.8.1.tgz", - "integrity": "sha512-/NyiM3Ox9AwP5zrfT9TXjRKDJbXlLaUDQ9Rg//2lbg8D2A8GXV0VidYYnA/gfdK6uwbnL4FnAflH7FbGw3TS7w==", - "requires": { - "bson": "^4.6.5", - "denque": "^2.0.1", - "mongodb-connection-string-url": "^2.5.2", - "saslprep": "^1.0.3", - "socks": "^2.6.2" - } - }, "ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", @@ -11633,15 +11600,6 @@ "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, - "saslprep": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/saslprep/-/saslprep-1.0.3.tgz", - "integrity": "sha512-/MY/PEMbk2SuY5sScONwhUDsV2p77Znkb/q3nSVstq/yQzYJOH/Azh29p9oJLsl3LnQwSvZDKagDGBsBwSooag==", - "optional": true, - "requires": { - "sparse-bitfield": "^3.0.3" - } - }, "semver": { "version": "7.5.4", "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", @@ -11765,9 +11723,9 @@ } }, "sift": { - "version": "16.0.0", - "resolved": "https://registry.npmjs.org/sift/-/sift-16.0.0.tgz", - "integrity": "sha512-ILTjdP2Mv9V1kIxWMXeMTIRbOBrqKc4JAXmFMnFq3fKeyQ2Qwa3Dw1ubcye3vR+Y6ofA0b9gNDr/y2t6eUeIzQ==" + "version": "16.0.1", + "resolved": "https://registry.npmjs.org/sift/-/sift-16.0.1.tgz", + "integrity": "sha512-Wv6BjQ5zbhW7VFefWusVP33T/EM0vYikCaQ2qR8yULbsilAT8/wQaXvuQ3ptGLpoKx+lihJE3y2UTgKDyyNHZQ==" }, "signal-exit": { "version": "3.0.3", @@ -11816,7 +11774,7 @@ "sparse-bitfield": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/sparse-bitfield/-/sparse-bitfield-3.0.3.tgz", - "integrity": "sha1-/0rm5oZWBWuks+eSqzM004JzyhE=", + "integrity": "sha512-kvzhi7vqKTfkh0PZU+2D2PIllw2ymqJKujUcyPMd9Y75Nv4nPbGJZXNhxsgdQab2BmlDct1YnfQCguEvHr7VsQ==", "optional": true, "requires": { "memory-pager": "^1.0.2" diff --git a/package.json b/package.json index e97c93ba..aab61826 100644 --- a/package.json +++ b/package.json @@ -50,7 +50,7 @@ "jwt-decode": "^3.1.2", "lodash": "^4.17.21", "migrate-mongo": "^9.0.0", - "mongoose": "^6.5.1", + "mongoose": "^6.12.0", "morgan": "^1.10.0", "nanoid": "^3.3.6", "node-cache": "^5.1.2",