From f81f023ddff2194b5154e58a511f271022df33a4 Mon Sep 17 00:00:00 2001 From: sszafGCA <116172610+sszafGCA@users.noreply.github.com> Date: Thu, 9 Nov 2023 16:52:31 +0100 Subject: [PATCH 1/6] BC-4895-stop sending emails to non existent thr @schul-cloud.org addresses (#4476) * impl of mail addresses whitelist logic --- .../src/infra/mail/interfaces/mail-config.ts | 3 ++ apps/server/src/infra/mail/mail.module.ts | 3 ++ .../src/infra/mail/mail.service.spec.ts | 49 ++++++++++++++++--- apps/server/src/infra/mail/mail.service.ts | 42 ++++++++++++++-- .../src/modules/server/server.config.ts | 7 ++- config/default.schema.json | 1 + 6 files changed, 95 insertions(+), 10 deletions(-) create mode 100644 apps/server/src/infra/mail/interfaces/mail-config.ts diff --git a/apps/server/src/infra/mail/interfaces/mail-config.ts b/apps/server/src/infra/mail/interfaces/mail-config.ts new file mode 100644 index 00000000000..6dbb0c7864d --- /dev/null +++ b/apps/server/src/infra/mail/interfaces/mail-config.ts @@ -0,0 +1,3 @@ +export interface IMailConfig { + ADDITIONAL_BLACKLISTED_EMAIL_DOMAINS: string[]; +} diff --git a/apps/server/src/infra/mail/mail.module.ts b/apps/server/src/infra/mail/mail.module.ts index 1ca0630c44f..ee6d50d59e7 100644 --- a/apps/server/src/infra/mail/mail.module.ts +++ b/apps/server/src/infra/mail/mail.module.ts @@ -1,5 +1,7 @@ import { Module, DynamicModule } from '@nestjs/common'; +import { ConfigService } from '@nestjs/config'; import { MailService } from './mail.service'; +import { IMailConfig } from './interfaces/mail-config'; interface MailModuleOptions { exchange: string; @@ -17,6 +19,7 @@ export class MailModule { provide: 'MAIL_SERVICE_OPTIONS', useValue: { exchange: options.exchange, routingKey: options.routingKey }, }, + ConfigService, ], exports: [MailService], }; diff --git a/apps/server/src/infra/mail/mail.service.spec.ts b/apps/server/src/infra/mail/mail.service.spec.ts index 58c0ce9336a..ebc77030252 100644 --- a/apps/server/src/infra/mail/mail.service.spec.ts +++ b/apps/server/src/infra/mail/mail.service.spec.ts @@ -1,7 +1,10 @@ import { AmqpConnection } from '@golevelup/nestjs-rabbitmq'; import { Test, TestingModule } from '@nestjs/testing'; +import { createMock } from '@golevelup/ts-jest'; +import { ConfigService } from '@nestjs/config'; import { Mail } from './mail.interface'; import { MailService } from './mail.service'; +import { IMailConfig } from './interfaces/mail-config'; describe('MailService', () => { let module: TestingModule; @@ -19,6 +22,10 @@ describe('MailService', () => { MailService, { provide: AmqpConnection, useValue: { publish: () => {} } }, { provide: 'MAIL_SERVICE_OPTIONS', useValue: mailServiceOptions }, + { + provide: ConfigService, + useValue: createMock>({ get: () => ['schul-cloud.org', 'example.com'] }), + }, ], }).compile(); @@ -34,13 +41,43 @@ describe('MailService', () => { expect(service).toBeDefined(); }); - it('should send given data to queue', async () => { - const data: Mail = { mail: { plainTextContent: 'content', subject: 'Test' }, recipients: ['test@example.com'] }; - const amqpConnectionSpy = jest.spyOn(amqpConnection, 'publish'); + describe('send', () => { + describe('when recipients array is empty', () => { + it('should not send email', async () => { + const data: Mail = { + mail: { plainTextContent: 'content', subject: 'Test' }, + recipients: ['test@schul-cloud.org'], + }; - await service.send(data); + const amqpConnectionSpy = jest.spyOn(amqpConnection, 'publish'); - const expectedParams = [mailServiceOptions.exchange, mailServiceOptions.routingKey, data, { persistent: true }]; - expect(amqpConnectionSpy).toHaveBeenCalledWith(...expectedParams); + await service.send(data); + + expect(amqpConnectionSpy).toHaveBeenCalledTimes(0); + }); + }); + describe('when sending email', () => { + it('should remove email address that have blacklisted domain and send given data to queue', async () => { + const data: Mail = { + mail: { plainTextContent: 'content', subject: 'Test' }, + recipients: ['test@schul-cloud.org', 'test@example1.com', 'test2@schul-cloud.org', 'test3@schul-cloud.org'], + cc: ['test@example.com', 'test5@schul-cloud.org', 'test6@schul-cloud.org'], + bcc: ['test7@schul-cloud.org', 'test@example2.com', 'test8@schul-cloud.org'], + replyTo: ['test@example3.com', 'test9@schul-cloud.org', 'test10@schul-cloud.org'], + }; + + const amqpConnectionSpy = jest.spyOn(amqpConnection, 'publish'); + + await service.send(data); + + expect(data.recipients).toEqual(['test@example1.com']); + expect(data.cc).toEqual([]); + expect(data.bcc).toEqual(['test@example2.com']); + expect(data.replyTo).toEqual(['test@example3.com']); + + const expectedParams = [mailServiceOptions.exchange, mailServiceOptions.routingKey, data, { persistent: true }]; + expect(amqpConnectionSpy).toHaveBeenCalledWith(...expectedParams); + }); + }); }); }); diff --git a/apps/server/src/infra/mail/mail.service.ts b/apps/server/src/infra/mail/mail.service.ts index aaf9cfacb9d..432f0746934 100644 --- a/apps/server/src/infra/mail/mail.service.ts +++ b/apps/server/src/infra/mail/mail.service.ts @@ -1,7 +1,8 @@ import { AmqpConnection } from '@golevelup/nestjs-rabbitmq'; import { Inject, Injectable } from '@nestjs/common'; - +import { ConfigService } from '@nestjs/config'; import { Mail } from './mail.interface'; +import { IMailConfig } from './interfaces/mail-config'; interface MailServiceOptions { exchange: string; @@ -10,12 +11,47 @@ interface MailServiceOptions { @Injectable() export class MailService { + private readonly domainBlacklist: string[]; + constructor( private readonly amqpConnection: AmqpConnection, - @Inject('MAIL_SERVICE_OPTIONS') private readonly options: MailServiceOptions - ) {} + @Inject('MAIL_SERVICE_OPTIONS') private readonly options: MailServiceOptions, + private readonly configService: ConfigService + ) { + this.domainBlacklist = this.configService.get('ADDITIONAL_BLACKLISTED_EMAIL_DOMAINS'); + } public async send(data: Mail): Promise { + if (this.domainBlacklist.length > 0) { + data.recipients = this.filterEmailAdresses(data.recipients) as string[]; + data.cc = this.filterEmailAdresses(data.cc); + data.bcc = this.filterEmailAdresses(data.bcc); + data.replyTo = this.filterEmailAdresses(data.replyTo); + } + + if (data.recipients.length === 0) { + return; + } + await this.amqpConnection.publish(this.options.exchange, this.options.routingKey, data, { persistent: true }); } + + private filterEmailAdresses(mails: string[] | undefined): string[] | undefined { + if (mails === undefined || mails === null) { + return mails; + } + const mailWhitelist: string[] = []; + + for (const mail of mails) { + const mailDomain = this.getMailDomain(mail); + if (mailDomain && !this.domainBlacklist.includes(mailDomain)) { + mailWhitelist.push(mail); + } + } + return mailWhitelist; + } + + private getMailDomain(mail: string): string { + return mail.split('@')[1]; + } } diff --git a/apps/server/src/modules/server/server.config.ts b/apps/server/src/modules/server/server.config.ts index becc7ec78fc..5d1ea95cc3b 100644 --- a/apps/server/src/modules/server/server.config.ts +++ b/apps/server/src/modules/server/server.config.ts @@ -5,6 +5,7 @@ import type { IAccountConfig } from '@modules/account'; import type { IFilesStorageClientConfig } from '@modules/files-storage-client'; import type { IUserConfig } from '@modules/user'; import type { ICommonCartridgeConfig } from '@modules/learnroom/common-cartridge'; +import { IMailConfig } from '@src/infra/mail/interfaces/mail-config'; export enum NodeEnvType { TEST = 'test', @@ -19,7 +20,8 @@ export interface IServerConfig IFilesStorageClientConfig, IAccountConfig, IIdentityManagementConfig, - ICommonCartridgeConfig { + ICommonCartridgeConfig, + IMailConfig { NODE_ENV: string; SC_DOMAIN: string; } @@ -39,6 +41,9 @@ const config: IServerConfig = { FEATURE_IDENTITY_MANAGEMENT_ENABLED: Configuration.get('FEATURE_IDENTITY_MANAGEMENT_ENABLED') as boolean, FEATURE_IDENTITY_MANAGEMENT_STORE_ENABLED: Configuration.get('FEATURE_IDENTITY_MANAGEMENT_STORE_ENABLED') as boolean, FEATURE_IDENTITY_MANAGEMENT_LOGIN_ENABLED: Configuration.get('FEATURE_IDENTITY_MANAGEMENT_LOGIN_ENABLED') as boolean, + ADDITIONAL_BLACKLISTED_EMAIL_DOMAINS: (Configuration.get('ADDITIONAL_BLACKLISTED_EMAIL_DOMAINS') as string) + .split(',') + .map((domain) => domain.trim()), }; export const serverConfig = () => config; diff --git a/config/default.schema.json b/config/default.schema.json index a34d8e899ad..bd637b719e9 100644 --- a/config/default.schema.json +++ b/config/default.schema.json @@ -177,6 +177,7 @@ }, "ADDITIONAL_BLACKLISTED_EMAIL_DOMAINS": { "type": "string", + "default":"", "description": "Add custom domain to the list of blocked domains (comma separated list)." }, "FEATURE_TSP_AUTO_CONSENT_ENABLED": { From 4a7cb7174cd4dd97eb3d4a180608024a37de34f4 Mon Sep 17 00:00:00 2001 From: Cedric Evers <12080057+CeEv@users.noreply.github.com> Date: Fri, 10 Nov 2023 10:43:51 +0100 Subject: [PATCH 2/6] BC-5662 Add linter rule for deep module imports (#4538) --- .eslintrc.js | 29 +- apps/server/src/apps/server.app.ts | 2 +- apps/server/src/modules/account/index.ts | 2 +- .../src/modules/account/services/index.ts | 1 + .../modules/user/service/user.service.spec.ts | 9 +- package-lock.json | 1228 +++++++++++------ package.json | 2 +- 7 files changed, 873 insertions(+), 400 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 008320274fb..a1851003d0d 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -65,22 +65,24 @@ module.exports = { overrides: [ { files: ['apps/**/*.ts'], + env: { + node: true, + es6: true, + }, parser: '@typescript-eslint/parser', - plugins: ['@typescript-eslint/eslint-plugin'], + parserOptions: { + project: 'apps/server/tsconfig.lint.json', + sourceType: 'module', + }, + plugins: ['@typescript-eslint/eslint-plugin', 'import'], extends: [ 'airbnb-typescript/base', 'plugin:@typescript-eslint/recommended', 'plugin:@typescript-eslint/recommended-requiring-type-checking', 'prettier', 'plugin:promise/recommended', + 'plugin:import/typescript', ], - parserOptions: { - project: 'apps/server/tsconfig.lint.json', - }, - env: { - node: true, - es6: true, - }, rules: { 'import/no-unresolved': 'off', // better handled by ts resolver 'import/no-extraneous-dependencies': 'off', // better handles by ts resolver @@ -98,6 +100,17 @@ module.exports = { allowSingleExtends: true, }, ], + '@typescript-eslint/no-restricted-imports': [ + 'warn', + { + patterns: [ + { + group: ['@infra/*/*', '@modules/*/*', '!*.module'], + message: 'Do not deep import from a module', + }, + ], + }, + ], }, overrides: [ { diff --git a/apps/server/src/apps/server.app.ts b/apps/server/src/apps/server.app.ts index 9538d6c8515..6322bcd568f 100644 --- a/apps/server/src/apps/server.app.ts +++ b/apps/server/src/apps/server.app.ts @@ -7,7 +7,7 @@ import { ExpressAdapter } from '@nestjs/platform-express'; import { enableOpenApiDocs } from '@shared/controller/swagger'; import { Mail, MailService } from '@infra/mail'; import { LegacyLogger, Logger } from '@src/core/logger'; -import { AccountService } from '@modules/account/services/account.service'; +import { AccountService } from '@modules/account'; import { TeamService } from '@modules/teams/service/team.service'; import { AccountValidationService } from '@modules/account/services/account.validation.service'; import { AccountUc } from '@modules/account/uc/account.uc'; diff --git a/apps/server/src/modules/account/index.ts b/apps/server/src/modules/account/index.ts index 2fa0bcc2334..7db4a66a657 100644 --- a/apps/server/src/modules/account/index.ts +++ b/apps/server/src/modules/account/index.ts @@ -1,3 +1,3 @@ export * from './account.module'; export * from './account-config'; -export { AccountService } from './services'; +export { AccountService, AccountDto } from './services'; diff --git a/apps/server/src/modules/account/services/index.ts b/apps/server/src/modules/account/services/index.ts index 72778be1f1e..2fc3f3a3246 100644 --- a/apps/server/src/modules/account/services/index.ts +++ b/apps/server/src/modules/account/services/index.ts @@ -1 +1,2 @@ export * from './account.service'; +export { AccountDto } from './dto'; diff --git a/apps/server/src/modules/user/service/user.service.spec.ts b/apps/server/src/modules/user/service/user.service.spec.ts index 223fa1f0c88..f65d02c13a5 100644 --- a/apps/server/src/modules/user/service/user.service.spec.ts +++ b/apps/server/src/modules/user/service/user.service.spec.ts @@ -7,12 +7,11 @@ import { UserDO } from '@shared/domain/domainobject/user.do'; import { UserRepo } from '@shared/repo'; import { UserDORepo } from '@shared/repo/user/user-do.repo'; import { roleFactory, setupEntities, userDoFactory, userFactory } from '@shared/testing'; -import { AccountService } from '@modules/account/services/account.service'; -import { AccountDto } from '@modules/account/services/dto'; -import { RoleService } from '@modules/role/service/role.service'; -import { UserService } from '@modules/user/service/user.service'; -import { UserDto } from '@modules/user/uc/dto/user.dto'; +import { AccountService, AccountDto } from '@modules/account'; +import { RoleService } from '@modules/role'; import { OauthCurrentUser } from '@modules/authentication/interface'; +import { UserDto } from '../uc/dto/user.dto'; +import { UserService } from './user.service'; import { UserQuery } from './user-query.type'; describe('UserService', () => { diff --git a/package-lock.json b/package-lock.json index 5f895871520..bf63523c91a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -178,7 +178,7 @@ "eslint-config-airbnb-typescript": "^17.0.0", "eslint-config-prettier": "^8.5.0", "eslint-import-resolver-typescript": "^3.5.2", - "eslint-plugin-import": "^2.26.0", + "eslint-plugin-import": "^2.29.0", "eslint-plugin-jest": "^27.1.6", "eslint-plugin-jsx-a11y": "^6.6.1", "eslint-plugin-no-only-tests": "^3.1.0", @@ -6866,21 +6866,33 @@ "node": ">=6.0" } }, + "node_modules/array-buffer-byte-length": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.0.tgz", + "integrity": "sha512-LPuwb2P+NrQw3XhxGc36+XSvuBPopovXYTR9Ew++Du9Yb/bx5AzBfrIsBoj0EZUifjQU+sHL21sseZ3jerWO/A==", + "dependencies": { + "call-bind": "^1.0.2", + "is-array-buffer": "^3.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/array-flatten": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" }, "node_modules/array-includes": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.6.tgz", - "integrity": "sha512-sgTbLvL6cNnw24FnbaDyjmvddQ2ML8arZsgaJhoABMoplz/4QRhtrYS+alr1BUM1Bwp6dhx8vVCBSLG+StwOFw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.7.tgz", + "integrity": "sha512-dlcsNBIiWhPkHdOEEKnehA+RNUWDc4UqFtnIXU4uuYDPtA4LDkr7qip2p0VvFAEXNDr0yWZ9PJyIRiGjRLQzwQ==", "dev": true, "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.4", - "es-abstract": "^1.20.4", - "get-intrinsic": "^1.1.3", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "get-intrinsic": "^1.2.1", "is-string": "^1.0.7" }, "engines": { @@ -6914,15 +6926,73 @@ "node": ">=8" } }, + "node_modules/array.prototype.findlastindex": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/array.prototype.findlastindex/-/array.prototype.findlastindex-1.2.3.tgz", + "integrity": "sha512-LzLoiOMAxvy+Gd3BAq3B7VeIgPdo+Q8hthvKtXybMvRV0jrXfJM/t8mw7nNlpEcVlVUnCnM2KSX4XU5HmpodOA==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "es-shim-unscopables": "^1.0.0", + "get-intrinsic": "^1.2.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/array.prototype.flat": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.2.5.tgz", - "integrity": "sha512-KaYU+S+ndVqyUnignHftkwc58o3uVU1jzczILJ1tN2YaIZpFIKBiP/x/j97E5MVPsaCloPbqWLB/8qCTVvT2qg==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.2.tgz", + "integrity": "sha512-djYB+Zx2vLewY8RWlNCUdHjDXs2XOgm602S9E7P/UpHgfeHL00cRiIF+IN/G/aUJ7kGPb6yO/ErDI5V2s8iycA==", "dev": true, "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.19.0" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "es-shim-unscopables": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/array.prototype.flatmap": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/array.prototype.flatmap/-/array.prototype.flatmap-1.3.2.tgz", + "integrity": "sha512-Ewyx0c9PmpcsByhSW4r+9zDU7sGjFc86qf/kKtuSCRdhfbk0SNLLkaT5qvcHnRGgc5NP/ly/y+qkXkqONX54CQ==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "es-shim-unscopables": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/arraybuffer.prototype.slice": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.2.tgz", + "integrity": "sha512-yMBKppFur/fbHu9/6USUe03bZ4knMYiwFBcyiaXB8Go0qNehwX6inYPzK9U0NeQvGxKthcmHcaR8P5MStSRBAw==", + "dependencies": { + "array-buffer-byte-length": "^1.0.0", + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "get-intrinsic": "^1.2.1", + "is-array-buffer": "^3.0.2", + "is-shared-array-buffer": "^1.0.2" }, "engines": { "node": ">= 0.4" @@ -7750,12 +7820,13 @@ } }, "node_modules/call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.5.tgz", + "integrity": "sha512-C3nQxfFZxFRVoJoGKKI8y3MOEo129NQ+FgQ08iye+Mk4zNZZGdjfs06bVTr+DBSlA66Q2VEcMki/cUCP4SercQ==", "dependencies": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.1", + "set-function-length": "^1.1.1" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -9283,6 +9354,19 @@ "node": ">=0.8" } }, + "node_modules/define-data-property": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz", + "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==", + "dependencies": { + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/define-lazy-prop": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz", @@ -9293,10 +9377,11 @@ } }, "node_modules/define-properties": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.4.tgz", - "integrity": "sha512-uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", + "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", "dependencies": { + "define-data-property": "^1.0.1", "has-property-descriptors": "^1.0.0", "object-keys": "^1.1.1" }, @@ -9708,35 +9793,49 @@ } }, "node_modules/es-abstract": { - "version": "1.20.5", - "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.20.5.tgz", - "integrity": "sha512-7h8MM2EQhsCA7pU/Nv78qOXFpD8Rhqd12gYiSJVkrH9+e8VuA8JlPJK/hQjjlLv6pJvx/z1iRFKzYb0XT/RuAQ==", + "version": "1.22.3", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.22.3.tgz", + "integrity": "sha512-eiiY8HQeYfYH2Con2berK+To6GrK2RxbPawDkGq4UiCQQfZHb6wX9qQqkbpPqaxQFcl8d9QzZqo0tGE0VcrdwA==", "dependencies": { - "call-bind": "^1.0.2", + "array-buffer-byte-length": "^1.0.0", + "arraybuffer.prototype.slice": "^1.0.2", + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.5", + "es-set-tostringtag": "^2.0.1", "es-to-primitive": "^1.2.1", - "function-bind": "^1.1.1", - "function.prototype.name": "^1.1.5", - "get-intrinsic": "^1.1.3", + "function.prototype.name": "^1.1.6", + "get-intrinsic": "^1.2.2", "get-symbol-description": "^1.0.0", + "globalthis": "^1.0.3", "gopd": "^1.0.1", - "has": "^1.0.3", "has-property-descriptors": "^1.0.0", + "has-proto": "^1.0.1", "has-symbols": "^1.0.3", - "internal-slot": "^1.0.3", + "hasown": "^2.0.0", + "internal-slot": "^1.0.5", + "is-array-buffer": "^3.0.2", "is-callable": "^1.2.7", "is-negative-zero": "^2.0.2", "is-regex": "^1.1.4", "is-shared-array-buffer": "^1.0.2", "is-string": "^1.0.7", + "is-typed-array": "^1.1.12", "is-weakref": "^1.0.2", - "object-inspect": "^1.12.2", + "object-inspect": "^1.13.1", "object-keys": "^1.1.1", "object.assign": "^4.1.4", - "regexp.prototype.flags": "^1.4.3", + "regexp.prototype.flags": "^1.5.1", + "safe-array-concat": "^1.0.1", "safe-regex-test": "^1.0.0", - "string.prototype.trimend": "^1.0.6", - "string.prototype.trimstart": "^1.0.6", - "unbox-primitive": "^1.0.2" + "string.prototype.trim": "^1.2.8", + "string.prototype.trimend": "^1.0.7", + "string.prototype.trimstart": "^1.0.7", + "typed-array-buffer": "^1.0.0", + "typed-array-byte-length": "^1.0.0", + "typed-array-byte-offset": "^1.0.0", + "typed-array-length": "^1.0.4", + "unbox-primitive": "^1.0.2", + "which-typed-array": "^1.1.13" }, "engines": { "node": ">= 0.4" @@ -9751,6 +9850,28 @@ "integrity": "sha512-vZK7T0N2CBmBOixhmjdqx2gWVbFZ4DXZ/NyRMZVlJXPa7CyFS+/a4QQsDGDQy9ZfEzxFuNEsMLeQJnKP2p5/JA==", "dev": true }, + "node_modules/es-set-tostringtag": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.0.2.tgz", + "integrity": "sha512-BuDyupZt65P9D2D2vA/zqcI3G5xRsklm5N3xCwuiy+/vKy8i0ifdsQP1sLgO4tZDSCaQUSnmC48khknGMV3D2Q==", + "dependencies": { + "get-intrinsic": "^1.2.2", + "has-tostringtag": "^1.0.0", + "hasown": "^2.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-shim-unscopables": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/es-shim-unscopables/-/es-shim-unscopables-1.0.2.tgz", + "integrity": "sha512-J3yBRXCzDu4ULnQwxyToo/OjdMx6akgVC7K6few0a7F/0wLtmKKN7I73AH5T2836UuXRqN7Qg+IIUw/+YJksRw==", + "dev": true, + "dependencies": { + "hasown": "^2.0.0" + } + }, "node_modules/es-to-primitive": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", @@ -10441,13 +10562,14 @@ } }, "node_modules/eslint-import-resolver-node": { - "version": "0.3.6", - "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.6.tgz", - "integrity": "sha512-0En0w03NRVMn9Uiyn8YRPDKvWjxCWkslUEhGNTdGx15RvPJYQ+lbOlqrlNI2vEAs4pDYK4f/HN2TbDmk5TP0iw==", + "version": "0.3.9", + "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.9.tgz", + "integrity": "sha512-WFj2isz22JahUv+B788TlO3N6zL3nNJGU8CcZbPZvVEkBPaJdCV4vy5wyghty5ROFbCRnm132v8BScu5/1BQ8g==", "dev": true, "dependencies": { "debug": "^3.2.7", - "resolve": "^1.20.0" + "is-core-module": "^2.13.0", + "resolve": "^1.22.4" } }, "node_modules/eslint-import-resolver-node/node_modules/debug": { @@ -10533,16 +10655,20 @@ } }, "node_modules/eslint-module-utils": { - "version": "2.7.3", - "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.7.3.tgz", - "integrity": "sha512-088JEC7O3lDZM9xGe0RerkOMd0EjFl+Yvd1jPWIkMT5u3H9+HC34mWWPnqPrN13gieT9pBOO+Qt07Nb/6TresQ==", + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.8.0.tgz", + "integrity": "sha512-aWajIYfsqCKRDgUfjEXNN/JlrzauMuSEy5sbd7WXbtW3EH6A6MpwEh42c7qD+MqQo9QMJ6fWLAeIJynx0g6OAw==", "dev": true, "dependencies": { - "debug": "^3.2.7", - "find-up": "^2.1.0" + "debug": "^3.2.7" }, "engines": { "node": ">=4" + }, + "peerDependenciesMeta": { + "eslint": { + "optional": true + } } }, "node_modules/eslint-module-utils/node_modules/debug": { @@ -10555,24 +10681,28 @@ } }, "node_modules/eslint-plugin-import": { - "version": "2.26.0", - "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.26.0.tgz", - "integrity": "sha512-hYfi3FXaM8WPLf4S1cikh/r4IxnO6zrhZbEGz2b660EJRbuxgpDS5gkCuYgGWg2xxh2rBuIr4Pvhve/7c31koA==", + "version": "2.29.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.29.0.tgz", + "integrity": "sha512-QPOO5NO6Odv5lpoTkddtutccQjysJuFxoPS7fAHO+9m9udNHvTCPSAMW9zGAYj8lAIdr40I8yPCdUYrncXtrwg==", "dev": true, "dependencies": { - "array-includes": "^3.1.4", - "array.prototype.flat": "^1.2.5", - "debug": "^2.6.9", + "array-includes": "^3.1.7", + "array.prototype.findlastindex": "^1.2.3", + "array.prototype.flat": "^1.3.2", + "array.prototype.flatmap": "^1.3.2", + "debug": "^3.2.7", "doctrine": "^2.1.0", - "eslint-import-resolver-node": "^0.3.6", - "eslint-module-utils": "^2.7.3", - "has": "^1.0.3", - "is-core-module": "^2.8.1", + "eslint-import-resolver-node": "^0.3.9", + "eslint-module-utils": "^2.8.0", + "hasown": "^2.0.0", + "is-core-module": "^2.13.1", "is-glob": "^4.0.3", "minimatch": "^3.1.2", - "object.values": "^1.1.5", - "resolve": "^1.22.0", - "tsconfig-paths": "^3.14.1" + "object.fromentries": "^2.0.7", + "object.groupby": "^1.0.1", + "object.values": "^1.1.7", + "semver": "^6.3.1", + "tsconfig-paths": "^3.14.2" }, "engines": { "node": ">=4" @@ -10582,12 +10712,12 @@ } }, "node_modules/eslint-plugin-import/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", "dev": true, "dependencies": { - "ms": "2.0.0" + "ms": "^2.1.1" } }, "node_modules/eslint-plugin-import/node_modules/doctrine": { @@ -10614,11 +10744,14 @@ "json5": "lib/cli.js" } }, - "node_modules/eslint-plugin-import/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", - "dev": true + "node_modules/eslint-plugin-import/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "dev": true, + "bin": { + "semver": "bin/semver.js" + } }, "node_modules/eslint-plugin-import/node_modules/strip-bom": { "version": "3.0.0", @@ -10630,13 +10763,13 @@ } }, "node_modules/eslint-plugin-import/node_modules/tsconfig-paths": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz", - "integrity": "sha512-fxDhWnFSLt3VuTwtvJt5fpwxBHg5AdKWMsgcPOOIilyjymcYVZoCQF8fvFRezCNfblEXmi+PcM1eYHeOAgXCOQ==", + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.2.tgz", + "integrity": "sha512-o/9iXgCYc5L/JxCHPe3Hvh8Q/2xm5Z+p18PESBU6Ff33695QnCHBEjcytY2q19ua7Mbl/DavtBOLq+oG0RCL+g==", "dev": true, "dependencies": { "@types/json5": "^0.0.29", - "json5": "^1.0.1", + "json5": "^1.0.2", "minimist": "^1.2.6", "strip-bom": "^3.0.0" } @@ -11795,18 +11928,6 @@ "url": "https://github.com/avajs/find-cache-dir?sponsor=1" } }, - "node_modules/find-up": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz", - "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=", - "dev": true, - "dependencies": { - "locate-path": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/fishery": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/fishery/-/fishery-2.2.2.tgz", @@ -12149,19 +12270,22 @@ } }, "node_modules/function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, "node_modules/function.prototype.name": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.5.tgz", - "integrity": "sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA==", + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.6.tgz", + "integrity": "sha512-Z5kx79swU5P27WEayXM1tBi5Ze/lbIyiNgU3qyXUOf9b2rgXYyF9Dy9Cx+IQv/Lc8WCG6L82zwUPpSS9hGehIg==", "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.19.0", - "functions-have-names": "^1.2.2" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "functions-have-names": "^1.2.3" }, "engines": { "node": ">= 0.4" @@ -12233,13 +12357,14 @@ } }, "node_modules/get-intrinsic": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz", - "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz", + "integrity": "sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA==", "dependencies": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-symbols": "^1.0.3" + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -12355,6 +12480,20 @@ "node": ">=4" } }, + "node_modules/globalthis": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/globalthis/-/globalthis-1.0.3.tgz", + "integrity": "sha512-sFdI5LyBiNTHjRd7cGPWapiHWMOXKyuBNX/cWJ3NfzrZQVa8GI/8cofCl74AOVqq9W5kNmguTIzJ/1s2gyI9wA==", + "dependencies": { + "define-properties": "^1.1.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/globalyzer": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/globalyzer/-/globalyzer-0.1.0.tgz", @@ -12515,6 +12654,7 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, "dependencies": { "function-bind": "^1.1.1" }, @@ -12558,6 +12698,17 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/has-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", + "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/has-symbols": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", @@ -12615,6 +12766,17 @@ "node": ">=8" } }, + "node_modules/hasown": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz", + "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/he": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", @@ -12987,12 +13149,12 @@ "dev": true }, "node_modules/internal-slot": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.3.tgz", - "integrity": "sha512-O0DB1JC/sPyZl7cIo78n5dR7eUSwwpYPiXRhTzNxZVAMUuB8vlnRFyLxdrVToks6XPLVnFfbzaVd5WLjhgg+vA==", + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.6.tgz", + "integrity": "sha512-Xj6dv+PsbtwyPpEflsejS+oIZxmMlV44zAhG479uYu89MsjcYOhCFnNyKrkJrihbsiasQyY0afoCl/9BLR65bg==", "dependencies": { - "get-intrinsic": "^1.1.0", - "has": "^1.0.3", + "get-intrinsic": "^1.2.2", + "hasown": "^2.0.0", "side-channel": "^1.0.4" }, "engines": { @@ -13052,6 +13214,19 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/is-array-buffer": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.2.tgz", + "integrity": "sha512-y+FyyR/w8vfIRq4eQcM1EYgSTnmHXPqaF+IgzgraytCFq5Xh8lllDVmAZolPJiZttZLeFSINPYMaEJ7/vWUa1w==", + "dependencies": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.2.0", + "is-typed-array": "^1.1.10" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/is-arrayish": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", @@ -13129,11 +13304,11 @@ } }, "node_modules/is-core-module": { - "version": "2.11.0", - "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.11.0.tgz", - "integrity": "sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw==", + "version": "2.13.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==", "dependencies": { - "has": "^1.0.3" + "hasown": "^2.0.0" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -13372,15 +13547,11 @@ } }, "node_modules/is-typed-array": { - "version": "1.1.10", - "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.10.tgz", - "integrity": "sha512-PJqgEHiWZvMpaFZ3uTc8kHPM4+4ADTlDniuQL7cU/UDA0Ql7F70yGfHph3cLNe+c9toaigv+DFzTJKhc2CtO6A==", + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.12.tgz", + "integrity": "sha512-Z14TF2JNG8Lss5/HMqt0//T9JeHXttXy5pH/DBU4vi98ozO2btxzq9MwYDZYnKwU8nRsz/+GVFVRDq3DkVuSPg==", "dependencies": { - "available-typed-arrays": "^1.0.5", - "call-bind": "^1.0.2", - "for-each": "^0.3.3", - "gopd": "^1.0.1", - "has-tostringtag": "^1.0.0" + "which-typed-array": "^1.1.11" }, "engines": { "node": ">= 0.4" @@ -16083,19 +16254,6 @@ "node": ">=6.11.5" } }, - "node_modules/locate-path": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-2.0.0.tgz", - "integrity": "sha1-K1aLJl7slExtnA3pw9u7ygNUzY4=", - "dev": true, - "dependencies": { - "p-locate": "^2.0.0", - "path-exists": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", @@ -18632,9 +18790,9 @@ } }, "node_modules/object-inspect": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz", - "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==", + "version": "1.13.1", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==", "funding": { "url": "https://github.com/sponsors/ljharb" } @@ -18678,15 +18836,44 @@ "node": ">= 0.4" } }, + "node_modules/object.fromentries": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.7.tgz", + "integrity": "sha512-UPbPHML6sL8PI/mOqPwsH4G6iyXcCGzLin8KvEPenOZN5lpCNBZZQ+V62vdjB1mQHrmqGQt5/OJzemUA+KJmEA==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object.groupby": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/object.groupby/-/object.groupby-1.0.1.tgz", + "integrity": "sha512-HqaQtqLnp/8Bn4GL16cj+CUYbnpe1bh0TtEaWvybszDG4tgxCJuRpV8VGuvNaI1fAnI4lUJzDG55MXcOH4JZcQ==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "get-intrinsic": "^1.2.1" + } + }, "node_modules/object.values": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.5.tgz", - "integrity": "sha512-QUZRW0ilQ3PnPpbNtgdNV1PDbEqLIiSFB3l+EnGtBQ/8SUTLj1PZwtQHABZtLgwpJZTSZhuGLOGk57Drx2IvYg==", + "version": "1.1.7", + "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.7.tgz", + "integrity": "sha512-aU6xnDFYT3x17e/f0IiiwlGPTy2jzMySGfUB4fq6z7CV8l85CWHDk5ErhyhpfDHhrOMwGFhSQkhMGHaIotA6Ng==", "dev": true, "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.19.1" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" }, "engines": { "node": ">= 0.4" @@ -18995,30 +19182,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/p-locate": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-2.0.0.tgz", - "integrity": "sha1-IKAQOyIqcMj9OcwuWAaA893l7EM=", - "dev": true, - "dependencies": { - "p-limit": "^1.1.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/p-locate/node_modules/p-limit": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-1.3.0.tgz", - "integrity": "sha512-vvcXsLAJ9Dr5rQOPk7toZQZJApBl2K4J6dANSsEuh6QI41JYcsS/qhTGa9ErIUUgK3WNQoJYvylxvjqmiqEA9Q==", - "dev": true, - "dependencies": { - "p-try": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/p-map": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/p-map/-/p-map-3.0.0.tgz", @@ -19031,15 +19194,6 @@ "node": ">=8" } }, - "node_modules/p-try": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/p-try/-/p-try-1.0.0.tgz", - "integrity": "sha512-U1etNYuMJoIz3ZXSrrySFjsXQTWOx2/jdi86L+2pRvph/qMKL6sbcCYdH23fqsbm8TH2Gn0OybpT4eSFlCVHww==", - "dev": true, - "engines": { - "node": ">=4" - } - }, "node_modules/package-hash": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/package-hash/-/package-hash-4.0.0.tgz", @@ -19207,15 +19361,6 @@ "node": ">= 0.4.0" } }, - "node_modules/path-exists": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", - "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=", - "dev": true, - "engines": { - "node": ">=4" - } - }, "node_modules/path-is-absolute": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", @@ -20616,13 +20761,13 @@ "integrity": "sha512-TuAasHQNamyyJ2hb97IuBEif4qBHGjPHBS64sZwytpLEqtBQ1gPJTnOaQ6qmpET16cK14kkjbazl6+p0RRv0yw==" }, "node_modules/regexp.prototype.flags": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz", - "integrity": "sha512-fjggEOO3slI6Wvgjwflkc4NFRCTZAu5CnNfBd5qOMYhWdn67nJBBu34/TkD++eeFmd8C9r9jfXJ27+nSiRkSUA==", + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.1.tgz", + "integrity": "sha512-sy6TXMN+hnP/wMy+ISxg3krXx7BAtWVO4UouuCN/ziM9UEne0euamVNafDfvC83bRNr95y0V5iijeDQFUNpvrg==", "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "functions-have-names": "^1.2.2" + "define-properties": "^1.2.0", + "set-function-name": "^2.0.0" }, "engines": { "node": ">= 0.4" @@ -20858,11 +21003,11 @@ "integrity": "sha1-kl0mAdOaxIXgkc8NpcbmlNw9yv8=" }, "node_modules/resolve": { - "version": "1.22.0", - "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.0.tgz", - "integrity": "sha512-Hhtrw0nLeSrFQ7phPp4OOcVjLPIeMnRlr5mcnVuMe7M/7eBn98A3hmFRLoFo3DLZkivSYwhRUJTyPyWAk56WLw==", + "version": "1.22.8", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==", "dependencies": { - "is-core-module": "^2.8.1", + "is-core-module": "^2.13.0", "path-parse": "^1.0.7", "supports-preserve-symlinks-flag": "^1.0.0" }, @@ -21524,6 +21669,28 @@ "tslib": "^2.1.0" } }, + "node_modules/safe-array-concat": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.0.1.tgz", + "integrity": "sha512-6XbUAseYE2KtOuGueyeobCySj9L4+66Tn6KQMOPQJrAJEowYKW/YR/MGJZl7FdydUdaFu4LYyDZjxf4/Nmo23Q==", + "dependencies": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.2.1", + "has-symbols": "^1.0.3", + "isarray": "^2.0.5" + }, + "engines": { + "node": ">=0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/safe-array-concat/node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + }, "node_modules/safe-buffer": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", @@ -21833,6 +22000,33 @@ "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=" }, + "node_modules/set-function-length": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.1.1.tgz", + "integrity": "sha512-VoaqjbBJKiWtg4yRcKBQ7g7wnGnLV3M8oLvVWwOk2PdYY6PEFegR1vezXR0tw6fZGF9csVakIRjrJiy2veSBFQ==", + "dependencies": { + "define-data-property": "^1.1.1", + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/set-function-name": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/set-function-name/-/set-function-name-2.0.1.tgz", + "integrity": "sha512-tMNCiqYVkXIZgc2Hnoy2IvC/f8ezc5koaRFkCjrpWzGpCd3qbZXPzVy9MAZzK1ch/X0jvSkojys3oqJN0qCmdA==", + "dependencies": { + "define-data-property": "^1.0.1", + "functions-have-names": "^1.2.3", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/setimmediate": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", @@ -22420,27 +22614,43 @@ "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" }, + "node_modules/string.prototype.trim": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.2.8.tgz", + "integrity": "sha512-lfjY4HcixfQXOfaqCvcBuOIapyaroTXhbkfJN3gcB1OtyupngWK4sEET9Knd0cXd28kTUqu/kHoV4HKSJdnjiQ==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/string.prototype.trimend": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.6.tgz", - "integrity": "sha512-JySq+4mrPf9EsDBEDYMOb/lM7XQLulwg5R/m1r0PXEFqrV0qHvl58sdTilSXtKOflCsK2E8jxf+GKC0T07RWwQ==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.7.tgz", + "integrity": "sha512-Ni79DqeB72ZFq1uH/L6zJ+DKZTkOtPIHovb3YZHQViE+HDouuU4mBrLOLDn5Dde3RF8qw5qVETEjhu9locMLvA==", "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.4", - "es-abstract": "^1.20.4" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" }, "funding": { "url": "https://github.com/sponsors/ljharb" } }, "node_modules/string.prototype.trimstart": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.6.tgz", - "integrity": "sha512-omqjMDaY92pbn5HOX7f9IccLA+U1tA9GvtU4JrodiXFfYB7jPzzHpRzpglLAjtUV6bB557zwClJezTqnAiYnQA==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.7.tgz", + "integrity": "sha512-NGhtDFu3jCEm7B4Fy0DpLewdJQOZcQ0rGbwQ/+stjnrp2i+rlKeCvos9hOIeCmqwratM47OBxY7uFZzjxHXmrg==", "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.4", - "es-abstract": "^1.20.4" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -23803,6 +24013,67 @@ "node": ">= 0.6" } }, + "node_modules/typed-array-buffer": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.0.tgz", + "integrity": "sha512-Y8KTSIglk9OZEr8zywiIHG/kmQ7KWyjseXs1CbSo8vC42w7hg2HgYTxSWwP0+is7bWDc1H+Fo026CpHFwm8tkw==", + "dependencies": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.2.1", + "is-typed-array": "^1.1.10" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/typed-array-byte-length": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/typed-array-byte-length/-/typed-array-byte-length-1.0.0.tgz", + "integrity": "sha512-Or/+kvLxNpeQ9DtSydonMxCx+9ZXOswtwJn17SNLvhptaXYDJvkFFP5zbfU/uLmvnBJlI4yrnXRxpdWH/M5tNA==", + "dependencies": { + "call-bind": "^1.0.2", + "for-each": "^0.3.3", + "has-proto": "^1.0.1", + "is-typed-array": "^1.1.10" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/typed-array-byte-offset": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/typed-array-byte-offset/-/typed-array-byte-offset-1.0.0.tgz", + "integrity": "sha512-RD97prjEt9EL8YgAgpOkf3O4IF9lhJFr9g0htQkm0rchFp/Vx7LW5Q8fSXXub7BXAODyUQohRMyOc3faCPd0hg==", + "dependencies": { + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.2", + "for-each": "^0.3.3", + "has-proto": "^1.0.1", + "is-typed-array": "^1.1.10" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/typed-array-length": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/typed-array-length/-/typed-array-length-1.0.4.tgz", + "integrity": "sha512-KjZypGq+I/H7HI5HlOoGHkWUUGq+Q0TPhQurLbyrVrvnKTBgzLhIJ7j6J/XTQOi0d1RjyZ0wdas8bKs2p0x3Ng==", + "dependencies": { + "call-bind": "^1.0.2", + "for-each": "^0.3.3", + "is-typed-array": "^1.1.9" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/typedarray": { "version": "0.0.6", "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz", @@ -24388,16 +24659,15 @@ "integrity": "sha1-u6Y8qGGUiZT/MHc2CJ47lgJsKk8=" }, "node_modules/which-typed-array": { - "version": "1.1.9", - "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.9.tgz", - "integrity": "sha512-w9c4xkx6mPidwp7180ckYWfMmvxpjlZuIudNtDf4N/tTAUB8VJbX25qZoAsrtGuYNnGw3pa0AXgbGKRB8/EceA==", + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.13.tgz", + "integrity": "sha512-P5Nra0qjSncduVPEAr7xhoF5guty49ArDTwzJ/yNuPIbZppyRxFQsRCWrocxIY+CnMVG+qfbU2FmDKyvSGClow==", "dependencies": { "available-typed-arrays": "^1.0.5", - "call-bind": "^1.0.2", + "call-bind": "^1.0.4", "for-each": "^0.3.3", "gopd": "^1.0.1", - "has-tostringtag": "^1.0.0", - "is-typed-array": "^1.1.10" + "has-tostringtag": "^1.0.0" }, "engines": { "node": ">= 0.4" @@ -29984,21 +30254,30 @@ "@babel/runtime-corejs3": "^7.10.2" } }, + "array-buffer-byte-length": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.0.tgz", + "integrity": "sha512-LPuwb2P+NrQw3XhxGc36+XSvuBPopovXYTR9Ew++Du9Yb/bx5AzBfrIsBoj0EZUifjQU+sHL21sseZ3jerWO/A==", + "requires": { + "call-bind": "^1.0.2", + "is-array-buffer": "^3.0.1" + } + }, "array-flatten": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" }, "array-includes": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.6.tgz", - "integrity": "sha512-sgTbLvL6cNnw24FnbaDyjmvddQ2ML8arZsgaJhoABMoplz/4QRhtrYS+alr1BUM1Bwp6dhx8vVCBSLG+StwOFw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.7.tgz", + "integrity": "sha512-dlcsNBIiWhPkHdOEEKnehA+RNUWDc4UqFtnIXU4uuYDPtA4LDkr7qip2p0VvFAEXNDr0yWZ9PJyIRiGjRLQzwQ==", "dev": true, "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.4", - "es-abstract": "^1.20.4", - "get-intrinsic": "^1.1.3", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "get-intrinsic": "^1.2.1", "is-string": "^1.0.7" } }, @@ -30023,15 +30302,55 @@ "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==" }, + "array.prototype.findlastindex": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/array.prototype.findlastindex/-/array.prototype.findlastindex-1.2.3.tgz", + "integrity": "sha512-LzLoiOMAxvy+Gd3BAq3B7VeIgPdo+Q8hthvKtXybMvRV0jrXfJM/t8mw7nNlpEcVlVUnCnM2KSX4XU5HmpodOA==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "es-shim-unscopables": "^1.0.0", + "get-intrinsic": "^1.2.1" + } + }, "array.prototype.flat": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.2.5.tgz", - "integrity": "sha512-KaYU+S+ndVqyUnignHftkwc58o3uVU1jzczILJ1tN2YaIZpFIKBiP/x/j97E5MVPsaCloPbqWLB/8qCTVvT2qg==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.2.tgz", + "integrity": "sha512-djYB+Zx2vLewY8RWlNCUdHjDXs2XOgm602S9E7P/UpHgfeHL00cRiIF+IN/G/aUJ7kGPb6yO/ErDI5V2s8iycA==", "dev": true, "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.19.0" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "es-shim-unscopables": "^1.0.0" + } + }, + "array.prototype.flatmap": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/array.prototype.flatmap/-/array.prototype.flatmap-1.3.2.tgz", + "integrity": "sha512-Ewyx0c9PmpcsByhSW4r+9zDU7sGjFc86qf/kKtuSCRdhfbk0SNLLkaT5qvcHnRGgc5NP/ly/y+qkXkqONX54CQ==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "es-shim-unscopables": "^1.0.0" + } + }, + "arraybuffer.prototype.slice": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.2.tgz", + "integrity": "sha512-yMBKppFur/fbHu9/6USUe03bZ4knMYiwFBcyiaXB8Go0qNehwX6inYPzK9U0NeQvGxKthcmHcaR8P5MStSRBAw==", + "requires": { + "array-buffer-byte-length": "^1.0.0", + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "get-intrinsic": "^1.2.1", + "is-array-buffer": "^3.0.2", + "is-shared-array-buffer": "^1.0.2" } }, "asap": { @@ -30702,12 +31021,13 @@ } }, "call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.5.tgz", + "integrity": "sha512-C3nQxfFZxFRVoJoGKKI8y3MOEo129NQ+FgQ08iye+Mk4zNZZGdjfs06bVTr+DBSlA66Q2VEcMki/cUCP4SercQ==", "requires": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.1", + "set-function-length": "^1.1.1" } }, "call-me-maybe": { @@ -31898,6 +32218,16 @@ } } }, + "define-data-property": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz", + "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==", + "requires": { + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + } + }, "define-lazy-prop": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz", @@ -31905,10 +32235,11 @@ "dev": true }, "define-properties": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.4.tgz", - "integrity": "sha512-uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", + "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", "requires": { + "define-data-property": "^1.0.1", "has-property-descriptors": "^1.0.0", "object-keys": "^1.1.1" } @@ -32243,35 +32574,49 @@ } }, "es-abstract": { - "version": "1.20.5", - "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.20.5.tgz", - "integrity": "sha512-7h8MM2EQhsCA7pU/Nv78qOXFpD8Rhqd12gYiSJVkrH9+e8VuA8JlPJK/hQjjlLv6pJvx/z1iRFKzYb0XT/RuAQ==", + "version": "1.22.3", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.22.3.tgz", + "integrity": "sha512-eiiY8HQeYfYH2Con2berK+To6GrK2RxbPawDkGq4UiCQQfZHb6wX9qQqkbpPqaxQFcl8d9QzZqo0tGE0VcrdwA==", "requires": { - "call-bind": "^1.0.2", + "array-buffer-byte-length": "^1.0.0", + "arraybuffer.prototype.slice": "^1.0.2", + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.5", + "es-set-tostringtag": "^2.0.1", "es-to-primitive": "^1.2.1", - "function-bind": "^1.1.1", - "function.prototype.name": "^1.1.5", - "get-intrinsic": "^1.1.3", + "function.prototype.name": "^1.1.6", + "get-intrinsic": "^1.2.2", "get-symbol-description": "^1.0.0", + "globalthis": "^1.0.3", "gopd": "^1.0.1", - "has": "^1.0.3", "has-property-descriptors": "^1.0.0", + "has-proto": "^1.0.1", "has-symbols": "^1.0.3", - "internal-slot": "^1.0.3", + "hasown": "^2.0.0", + "internal-slot": "^1.0.5", + "is-array-buffer": "^3.0.2", "is-callable": "^1.2.7", "is-negative-zero": "^2.0.2", "is-regex": "^1.1.4", "is-shared-array-buffer": "^1.0.2", "is-string": "^1.0.7", + "is-typed-array": "^1.1.12", "is-weakref": "^1.0.2", - "object-inspect": "^1.12.2", + "object-inspect": "^1.13.1", "object-keys": "^1.1.1", "object.assign": "^4.1.4", - "regexp.prototype.flags": "^1.4.3", + "regexp.prototype.flags": "^1.5.1", + "safe-array-concat": "^1.0.1", "safe-regex-test": "^1.0.0", - "string.prototype.trimend": "^1.0.6", - "string.prototype.trimstart": "^1.0.6", - "unbox-primitive": "^1.0.2" + "string.prototype.trim": "^1.2.8", + "string.prototype.trimend": "^1.0.7", + "string.prototype.trimstart": "^1.0.7", + "typed-array-buffer": "^1.0.0", + "typed-array-byte-length": "^1.0.0", + "typed-array-byte-offset": "^1.0.0", + "typed-array-length": "^1.0.4", + "unbox-primitive": "^1.0.2", + "which-typed-array": "^1.1.13" } }, "es-module-lexer": { @@ -32280,6 +32625,25 @@ "integrity": "sha512-vZK7T0N2CBmBOixhmjdqx2gWVbFZ4DXZ/NyRMZVlJXPa7CyFS+/a4QQsDGDQy9ZfEzxFuNEsMLeQJnKP2p5/JA==", "dev": true }, + "es-set-tostringtag": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.0.2.tgz", + "integrity": "sha512-BuDyupZt65P9D2D2vA/zqcI3G5xRsklm5N3xCwuiy+/vKy8i0ifdsQP1sLgO4tZDSCaQUSnmC48khknGMV3D2Q==", + "requires": { + "get-intrinsic": "^1.2.2", + "has-tostringtag": "^1.0.0", + "hasown": "^2.0.0" + } + }, + "es-shim-unscopables": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/es-shim-unscopables/-/es-shim-unscopables-1.0.2.tgz", + "integrity": "sha512-J3yBRXCzDu4ULnQwxyToo/OjdMx6akgVC7K6few0a7F/0wLtmKKN7I73AH5T2836UuXRqN7Qg+IIUw/+YJksRw==", + "dev": true, + "requires": { + "hasown": "^2.0.0" + } + }, "es-to-primitive": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", @@ -32842,13 +33206,14 @@ "requires": {} }, "eslint-import-resolver-node": { - "version": "0.3.6", - "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.6.tgz", - "integrity": "sha512-0En0w03NRVMn9Uiyn8YRPDKvWjxCWkslUEhGNTdGx15RvPJYQ+lbOlqrlNI2vEAs4pDYK4f/HN2TbDmk5TP0iw==", + "version": "0.3.9", + "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.9.tgz", + "integrity": "sha512-WFj2isz22JahUv+B788TlO3N6zL3nNJGU8CcZbPZvVEkBPaJdCV4vy5wyghty5ROFbCRnm132v8BScu5/1BQ8g==", "dev": true, "requires": { "debug": "^3.2.7", - "resolve": "^1.20.0" + "is-core-module": "^2.13.0", + "resolve": "^1.22.4" }, "dependencies": { "debug": { @@ -32908,13 +33273,12 @@ } }, "eslint-module-utils": { - "version": "2.7.3", - "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.7.3.tgz", - "integrity": "sha512-088JEC7O3lDZM9xGe0RerkOMd0EjFl+Yvd1jPWIkMT5u3H9+HC34mWWPnqPrN13gieT9pBOO+Qt07Nb/6TresQ==", + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.8.0.tgz", + "integrity": "sha512-aWajIYfsqCKRDgUfjEXNN/JlrzauMuSEy5sbd7WXbtW3EH6A6MpwEh42c7qD+MqQo9QMJ6fWLAeIJynx0g6OAw==", "dev": true, "requires": { - "debug": "^3.2.7", - "find-up": "^2.1.0" + "debug": "^3.2.7" }, "dependencies": { "debug": { @@ -32929,33 +33293,37 @@ } }, "eslint-plugin-import": { - "version": "2.26.0", - "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.26.0.tgz", - "integrity": "sha512-hYfi3FXaM8WPLf4S1cikh/r4IxnO6zrhZbEGz2b660EJRbuxgpDS5gkCuYgGWg2xxh2rBuIr4Pvhve/7c31koA==", + "version": "2.29.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.29.0.tgz", + "integrity": "sha512-QPOO5NO6Odv5lpoTkddtutccQjysJuFxoPS7fAHO+9m9udNHvTCPSAMW9zGAYj8lAIdr40I8yPCdUYrncXtrwg==", "dev": true, "requires": { - "array-includes": "^3.1.4", - "array.prototype.flat": "^1.2.5", - "debug": "^2.6.9", + "array-includes": "^3.1.7", + "array.prototype.findlastindex": "^1.2.3", + "array.prototype.flat": "^1.3.2", + "array.prototype.flatmap": "^1.3.2", + "debug": "^3.2.7", "doctrine": "^2.1.0", - "eslint-import-resolver-node": "^0.3.6", - "eslint-module-utils": "^2.7.3", - "has": "^1.0.3", - "is-core-module": "^2.8.1", + "eslint-import-resolver-node": "^0.3.9", + "eslint-module-utils": "^2.8.0", + "hasown": "^2.0.0", + "is-core-module": "^2.13.1", "is-glob": "^4.0.3", "minimatch": "^3.1.2", - "object.values": "^1.1.5", - "resolve": "^1.22.0", - "tsconfig-paths": "^3.14.1" + "object.fromentries": "^2.0.7", + "object.groupby": "^1.0.1", + "object.values": "^1.1.7", + "semver": "^6.3.1", + "tsconfig-paths": "^3.14.2" }, "dependencies": { "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", "dev": true, "requires": { - "ms": "2.0.0" + "ms": "^2.1.1" } }, "doctrine": { @@ -32976,10 +33344,10 @@ "minimist": "^1.2.0" } }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", "dev": true }, "strip-bom": { @@ -32989,13 +33357,13 @@ "dev": true }, "tsconfig-paths": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz", - "integrity": "sha512-fxDhWnFSLt3VuTwtvJt5fpwxBHg5AdKWMsgcPOOIilyjymcYVZoCQF8fvFRezCNfblEXmi+PcM1eYHeOAgXCOQ==", + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.2.tgz", + "integrity": "sha512-o/9iXgCYc5L/JxCHPe3Hvh8Q/2xm5Z+p18PESBU6Ff33695QnCHBEjcytY2q19ua7Mbl/DavtBOLq+oG0RCL+g==", "dev": true, "requires": { "@types/json5": "^0.0.29", - "json5": "^1.0.1", + "json5": "^1.0.2", "minimist": "^1.2.6", "strip-bom": "^3.0.0" } @@ -33721,15 +34089,6 @@ "pkg-dir": "^4.1.0" } }, - "find-up": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz", - "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=", - "dev": true, - "requires": { - "locate-path": "^2.0.0" - } - }, "fishery": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/fishery/-/fishery-2.2.2.tgz", @@ -33975,19 +34334,19 @@ } }, "function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==" }, "function.prototype.name": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.5.tgz", - "integrity": "sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA==", + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.6.tgz", + "integrity": "sha512-Z5kx79swU5P27WEayXM1tBi5Ze/lbIyiNgU3qyXUOf9b2rgXYyF9Dy9Cx+IQv/Lc8WCG6L82zwUPpSS9hGehIg==", "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.19.0", - "functions-have-names": "^1.2.2" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "functions-have-names": "^1.2.3" } }, "functional-red-black-tree": { @@ -34038,13 +34397,14 @@ "dev": true }, "get-intrinsic": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz", - "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz", + "integrity": "sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA==", "requires": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-symbols": "^1.0.3" + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" } }, "get-package-type": { @@ -34121,6 +34481,14 @@ "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==", "dev": true }, + "globalthis": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/globalthis/-/globalthis-1.0.3.tgz", + "integrity": "sha512-sFdI5LyBiNTHjRd7cGPWapiHWMOXKyuBNX/cWJ3NfzrZQVa8GI/8cofCl74AOVqq9W5kNmguTIzJ/1s2gyI9wA==", + "requires": { + "define-properties": "^1.1.3" + } + }, "globalyzer": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/globalyzer/-/globalyzer-0.1.0.tgz", @@ -34256,6 +34624,7 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, "requires": { "function-bind": "^1.1.1" } @@ -34284,6 +34653,11 @@ "get-intrinsic": "^1.1.1" } }, + "has-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", + "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==" + }, "has-symbols": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", @@ -34322,6 +34696,14 @@ } } }, + "hasown": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz", + "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==", + "requires": { + "function-bind": "^1.1.2" + } + }, "he": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", @@ -34601,12 +34983,12 @@ } }, "internal-slot": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.3.tgz", - "integrity": "sha512-O0DB1JC/sPyZl7cIo78n5dR7eUSwwpYPiXRhTzNxZVAMUuB8vlnRFyLxdrVToks6XPLVnFfbzaVd5WLjhgg+vA==", + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.6.tgz", + "integrity": "sha512-Xj6dv+PsbtwyPpEflsejS+oIZxmMlV44zAhG479uYu89MsjcYOhCFnNyKrkJrihbsiasQyY0afoCl/9BLR65bg==", "requires": { - "get-intrinsic": "^1.1.0", - "has": "^1.0.3", + "get-intrinsic": "^1.2.2", + "hasown": "^2.0.0", "side-channel": "^1.0.4" } }, @@ -34645,6 +35027,16 @@ "has-tostringtag": "^1.0.0" } }, + "is-array-buffer": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.2.tgz", + "integrity": "sha512-y+FyyR/w8vfIRq4eQcM1EYgSTnmHXPqaF+IgzgraytCFq5Xh8lllDVmAZolPJiZttZLeFSINPYMaEJ7/vWUa1w==", + "requires": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.2.0", + "is-typed-array": "^1.1.10" + } + }, "is-arrayish": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", @@ -34687,11 +35079,11 @@ "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==" }, "is-core-module": { - "version": "2.11.0", - "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.11.0.tgz", - "integrity": "sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw==", + "version": "2.13.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==", "requires": { - "has": "^1.0.3" + "hasown": "^2.0.0" } }, "is-date-object": { @@ -34837,15 +35229,11 @@ } }, "is-typed-array": { - "version": "1.1.10", - "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.10.tgz", - "integrity": "sha512-PJqgEHiWZvMpaFZ3uTc8kHPM4+4ADTlDniuQL7cU/UDA0Ql7F70yGfHph3cLNe+c9toaigv+DFzTJKhc2CtO6A==", + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.12.tgz", + "integrity": "sha512-Z14TF2JNG8Lss5/HMqt0//T9JeHXttXy5pH/DBU4vi98ozO2btxzq9MwYDZYnKwU8nRsz/+GVFVRDq3DkVuSPg==", "requires": { - "available-typed-arrays": "^1.0.5", - "call-bind": "^1.0.2", - "for-each": "^0.3.3", - "gopd": "^1.0.1", - "has-tostringtag": "^1.0.0" + "which-typed-array": "^1.1.11" } }, "is-typedarray": { @@ -36935,16 +37323,6 @@ "integrity": "sha512-92+huvxMvYlMzMt0iIOukcwYBFpkYJdpl2xsZ7LrlayO7E8SOv+JJUEK17B/dJIHAOLMfh2dZZ/Y18WgmGtYNw==", "dev": true }, - "locate-path": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-2.0.0.tgz", - "integrity": "sha1-K1aLJl7slExtnA3pw9u7ygNUzY4=", - "dev": true, - "requires": { - "p-locate": "^2.0.0", - "path-exists": "^3.0.0" - } - }, "lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", @@ -38968,9 +39346,9 @@ "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=" }, "object-inspect": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz", - "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==" + "version": "1.13.1", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==" }, "object-keys": { "version": "1.1.1", @@ -38999,15 +39377,38 @@ "es-abstract": "^1.19.1" } }, + "object.fromentries": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.7.tgz", + "integrity": "sha512-UPbPHML6sL8PI/mOqPwsH4G6iyXcCGzLin8KvEPenOZN5lpCNBZZQ+V62vdjB1mQHrmqGQt5/OJzemUA+KJmEA==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" + } + }, + "object.groupby": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/object.groupby/-/object.groupby-1.0.1.tgz", + "integrity": "sha512-HqaQtqLnp/8Bn4GL16cj+CUYbnpe1bh0TtEaWvybszDG4tgxCJuRpV8VGuvNaI1fAnI4lUJzDG55MXcOH4JZcQ==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "get-intrinsic": "^1.2.1" + } + }, "object.values": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.5.tgz", - "integrity": "sha512-QUZRW0ilQ3PnPpbNtgdNV1PDbEqLIiSFB3l+EnGtBQ/8SUTLj1PZwtQHABZtLgwpJZTSZhuGLOGk57Drx2IvYg==", + "version": "1.1.7", + "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.7.tgz", + "integrity": "sha512-aU6xnDFYT3x17e/f0IiiwlGPTy2jzMySGfUB4fq6z7CV8l85CWHDk5ErhyhpfDHhrOMwGFhSQkhMGHaIotA6Ng==", "dev": true, "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.19.1" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" } }, "on-headers": { @@ -39231,26 +39632,6 @@ "yocto-queue": "^0.1.0" } }, - "p-locate": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-2.0.0.tgz", - "integrity": "sha1-IKAQOyIqcMj9OcwuWAaA893l7EM=", - "dev": true, - "requires": { - "p-limit": "^1.1.0" - }, - "dependencies": { - "p-limit": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-1.3.0.tgz", - "integrity": "sha512-vvcXsLAJ9Dr5rQOPk7toZQZJApBl2K4J6dANSsEuh6QI41JYcsS/qhTGa9ErIUUgK3WNQoJYvylxvjqmiqEA9Q==", - "dev": true, - "requires": { - "p-try": "^1.0.0" - } - } - } - }, "p-map": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/p-map/-/p-map-3.0.0.tgz", @@ -39260,12 +39641,6 @@ "aggregate-error": "^3.0.0" } }, - "p-try": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/p-try/-/p-try-1.0.0.tgz", - "integrity": "sha512-U1etNYuMJoIz3ZXSrrySFjsXQTWOx2/jdi86L+2pRvph/qMKL6sbcCYdH23fqsbm8TH2Gn0OybpT4eSFlCVHww==", - "dev": true - }, "package-hash": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/package-hash/-/package-hash-4.0.0.tgz", @@ -39388,12 +39763,6 @@ "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", "integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ=" }, - "path-exists": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", - "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=", - "dev": true - }, "path-is-absolute": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", @@ -40425,13 +40794,13 @@ "integrity": "sha512-TuAasHQNamyyJ2hb97IuBEif4qBHGjPHBS64sZwytpLEqtBQ1gPJTnOaQ6qmpET16cK14kkjbazl6+p0RRv0yw==" }, "regexp.prototype.flags": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz", - "integrity": "sha512-fjggEOO3slI6Wvgjwflkc4NFRCTZAu5CnNfBd5qOMYhWdn67nJBBu34/TkD++eeFmd8C9r9jfXJ27+nSiRkSUA==", + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.1.tgz", + "integrity": "sha512-sy6TXMN+hnP/wMy+ISxg3krXx7BAtWVO4UouuCN/ziM9UEne0euamVNafDfvC83bRNr95y0V5iijeDQFUNpvrg==", "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "functions-have-names": "^1.2.2" + "define-properties": "^1.2.0", + "set-function-name": "^2.0.0" } }, "regexpp": { @@ -40603,11 +40972,11 @@ "integrity": "sha1-kl0mAdOaxIXgkc8NpcbmlNw9yv8=" }, "resolve": { - "version": "1.22.0", - "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.0.tgz", - "integrity": "sha512-Hhtrw0nLeSrFQ7phPp4OOcVjLPIeMnRlr5mcnVuMe7M/7eBn98A3hmFRLoFo3DLZkivSYwhRUJTyPyWAk56WLw==", + "version": "1.22.8", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==", "requires": { - "is-core-module": "^2.8.1", + "is-core-module": "^2.13.0", "path-parse": "^1.0.7", "supports-preserve-symlinks-flag": "^1.0.0" } @@ -41102,6 +41471,24 @@ "tslib": "^2.1.0" } }, + "safe-array-concat": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.0.1.tgz", + "integrity": "sha512-6XbUAseYE2KtOuGueyeobCySj9L4+66Tn6KQMOPQJrAJEowYKW/YR/MGJZl7FdydUdaFu4LYyDZjxf4/Nmo23Q==", + "requires": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.2.1", + "has-symbols": "^1.0.3", + "isarray": "^2.0.5" + }, + "dependencies": { + "isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + } + } + }, "safe-buffer": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", @@ -41352,6 +41739,27 @@ "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=" }, + "set-function-length": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.1.1.tgz", + "integrity": "sha512-VoaqjbBJKiWtg4yRcKBQ7g7wnGnLV3M8oLvVWwOk2PdYY6PEFegR1vezXR0tw6fZGF9csVakIRjrJiy2veSBFQ==", + "requires": { + "define-data-property": "^1.1.1", + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + } + }, + "set-function-name": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/set-function-name/-/set-function-name-2.0.1.tgz", + "integrity": "sha512-tMNCiqYVkXIZgc2Hnoy2IvC/f8ezc5koaRFkCjrpWzGpCd3qbZXPzVy9MAZzK1ch/X0jvSkojys3oqJN0qCmdA==", + "requires": { + "define-data-property": "^1.0.1", + "functions-have-names": "^1.2.3", + "has-property-descriptors": "^1.0.0" + } + }, "setimmediate": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", @@ -41838,24 +42246,34 @@ } } }, + "string.prototype.trim": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.2.8.tgz", + "integrity": "sha512-lfjY4HcixfQXOfaqCvcBuOIapyaroTXhbkfJN3gcB1OtyupngWK4sEET9Knd0cXd28kTUqu/kHoV4HKSJdnjiQ==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" + } + }, "string.prototype.trimend": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.6.tgz", - "integrity": "sha512-JySq+4mrPf9EsDBEDYMOb/lM7XQLulwg5R/m1r0PXEFqrV0qHvl58sdTilSXtKOflCsK2E8jxf+GKC0T07RWwQ==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.7.tgz", + "integrity": "sha512-Ni79DqeB72ZFq1uH/L6zJ+DKZTkOtPIHovb3YZHQViE+HDouuU4mBrLOLDn5Dde3RF8qw5qVETEjhu9locMLvA==", "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.4", - "es-abstract": "^1.20.4" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" } }, "string.prototype.trimstart": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.6.tgz", - "integrity": "sha512-omqjMDaY92pbn5HOX7f9IccLA+U1tA9GvtU4JrodiXFfYB7jPzzHpRzpglLAjtUV6bB557zwClJezTqnAiYnQA==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.7.tgz", + "integrity": "sha512-NGhtDFu3jCEm7B4Fy0DpLewdJQOZcQ0rGbwQ/+stjnrp2i+rlKeCvos9hOIeCmqwratM47OBxY7uFZzjxHXmrg==", "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.4", - "es-abstract": "^1.20.4" + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1" } }, "strip-ansi": { @@ -42855,6 +43273,49 @@ } } }, + "typed-array-buffer": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.0.tgz", + "integrity": "sha512-Y8KTSIglk9OZEr8zywiIHG/kmQ7KWyjseXs1CbSo8vC42w7hg2HgYTxSWwP0+is7bWDc1H+Fo026CpHFwm8tkw==", + "requires": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.2.1", + "is-typed-array": "^1.1.10" + } + }, + "typed-array-byte-length": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/typed-array-byte-length/-/typed-array-byte-length-1.0.0.tgz", + "integrity": "sha512-Or/+kvLxNpeQ9DtSydonMxCx+9ZXOswtwJn17SNLvhptaXYDJvkFFP5zbfU/uLmvnBJlI4yrnXRxpdWH/M5tNA==", + "requires": { + "call-bind": "^1.0.2", + "for-each": "^0.3.3", + "has-proto": "^1.0.1", + "is-typed-array": "^1.1.10" + } + }, + "typed-array-byte-offset": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/typed-array-byte-offset/-/typed-array-byte-offset-1.0.0.tgz", + "integrity": "sha512-RD97prjEt9EL8YgAgpOkf3O4IF9lhJFr9g0htQkm0rchFp/Vx7LW5Q8fSXXub7BXAODyUQohRMyOc3faCPd0hg==", + "requires": { + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.2", + "for-each": "^0.3.3", + "has-proto": "^1.0.1", + "is-typed-array": "^1.1.10" + } + }, + "typed-array-length": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/typed-array-length/-/typed-array-length-1.0.4.tgz", + "integrity": "sha512-KjZypGq+I/H7HI5HlOoGHkWUUGq+Q0TPhQurLbyrVrvnKTBgzLhIJ7j6J/XTQOi0d1RjyZ0wdas8bKs2p0x3Ng==", + "requires": { + "call-bind": "^1.0.2", + "for-each": "^0.3.3", + "is-typed-array": "^1.1.9" + } + }, "typedarray": { "version": "0.0.6", "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz", @@ -43325,16 +43786,15 @@ "integrity": "sha1-u6Y8qGGUiZT/MHc2CJ47lgJsKk8=" }, "which-typed-array": { - "version": "1.1.9", - "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.9.tgz", - "integrity": "sha512-w9c4xkx6mPidwp7180ckYWfMmvxpjlZuIudNtDf4N/tTAUB8VJbX25qZoAsrtGuYNnGw3pa0AXgbGKRB8/EceA==", + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.13.tgz", + "integrity": "sha512-P5Nra0qjSncduVPEAr7xhoF5guty49ArDTwzJ/yNuPIbZppyRxFQsRCWrocxIY+CnMVG+qfbU2FmDKyvSGClow==", "requires": { "available-typed-arrays": "^1.0.5", - "call-bind": "^1.0.2", + "call-bind": "^1.0.4", "for-each": "^0.3.3", "gopd": "^1.0.1", - "has-tostringtag": "^1.0.0", - "is-typed-array": "^1.1.10" + "has-tostringtag": "^1.0.0" } }, "window-size": { diff --git a/package.json b/package.json index 6afd927c17c..53a0752ee10 100644 --- a/package.json +++ b/package.json @@ -261,7 +261,7 @@ "eslint-config-airbnb-typescript": "^17.0.0", "eslint-config-prettier": "^8.5.0", "eslint-import-resolver-typescript": "^3.5.2", - "eslint-plugin-import": "^2.26.0", + "eslint-plugin-import": "^2.29.0", "eslint-plugin-jest": "^27.1.6", "eslint-plugin-jsx-a11y": "^6.6.1", "eslint-plugin-no-only-tests": "^3.1.0", From a407c719a8471a8a8823e2dfa2d94e1b452ccb34 Mon Sep 17 00:00:00 2001 From: agnisa-cap Date: Fri, 10 Nov 2023 13:19:23 +0100 Subject: [PATCH 3/6] N21-1029 renaming of collections (#4547) * renames some collections: user_login_migrations -> user-login-migrations external_tools -> external-tools context_external_tools -> context-external-tools school_external_tools -> school-external-tools --- .../templates/configmap_file_init.yml.j2 | 12 ++--- .../allowed-authorization-object-type.enum.ts | 4 +- .../entity/context-external-tool.entity.ts | 2 +- .../entity/external-tool.entity.ts | 2 +- .../entity/school-external-tool.entity.ts | 2 +- .../entity/user-login-migration.entity.ts | 2 +- ...tools.json => context-external-tools.json} | 0 ...xternal_tools.json => external-tools.json} | 0 backup/setup/migrations.json | 11 +++++ ..._tools.json => school-external-tools.json} | 0 backup/setup/user-login-migrations.json | 1 + ...tool-and-user-login-migration-renamings.js | 44 +++++++++++++++++++ src/services/school/model.js | 2 +- 13 files changed, 69 insertions(+), 13 deletions(-) rename backup/setup/{context_external_tools.json => context-external-tools.json} (100%) rename backup/setup/{external_tools.json => external-tools.json} (100%) rename backup/setup/{school_external_tools.json => school-external-tools.json} (100%) create mode 100644 backup/setup/user-login-migrations.json create mode 100644 migrations/1699529266062-tool-and-user-login-migration-renamings.js diff --git a/ansible/roles/schulcloud-server-init/templates/configmap_file_init.yml.j2 b/ansible/roles/schulcloud-server-init/templates/configmap_file_init.yml.j2 index a3e5459077f..654d4152b95 100644 --- a/ansible/roles/schulcloud-server-init/templates/configmap_file_init.yml.j2 +++ b/ansible/roles/schulcloud-server-init/templates/configmap_file_init.yml.j2 @@ -390,8 +390,8 @@ data: }' # Add Bettermarks' tools configuration as an external tool - # (stored in the 'external_tools' collection) that uses OAuth. - mongosh $DATABASE__URL --eval 'db.external_tools.replaceOne( + # (stored in the 'external-tools' collection) that uses OAuth. + mongosh $DATABASE__URL --eval 'db.external-tools.replaceOne( { "name": "bettermarks", "config_type": "oauth2" @@ -486,9 +486,9 @@ data: echo "POSTed nextcloud to hydra." # Add Nextcloud' tools configuration as an external tool - # (stored in the 'external_tools' collection) that uses OAuth. - echo "Inserting nextcloud to external_tools..." - mongosh $DATABASE__URL --eval 'db.external_tools.update( + # (stored in the 'external-tools' collection) that uses OAuth. + echo "Inserting nextcloud to external-tools..." + mongosh $DATABASE__URL --eval 'db.external-tools.update( { "name": "nextcloud", "config_type": "oauth2" @@ -512,7 +512,7 @@ data: "upsert": true } );' - echo "Inserted nextcloud to external_tools." + echo "Inserted nextcloud to external-tools." echo "Nextcloud config data init performed successfully." fi diff --git a/apps/server/src/modules/authorization/domain/type/allowed-authorization-object-type.enum.ts b/apps/server/src/modules/authorization/domain/type/allowed-authorization-object-type.enum.ts index f36ca235af1..01f24b21985 100644 --- a/apps/server/src/modules/authorization/domain/type/allowed-authorization-object-type.enum.ts +++ b/apps/server/src/modules/authorization/domain/type/allowed-authorization-object-type.enum.ts @@ -7,7 +7,7 @@ export enum AuthorizableReferenceType { 'Lesson' = 'lessons', 'Team' = 'teams', 'Submission' = 'submissions', - 'SchoolExternalToolEntity' = 'school_external_tools', + 'SchoolExternalToolEntity' = 'school-external-tools', 'BoardNode' = 'boardnodes', - 'ContextExternalToolEntity' = 'context_external_tools', + 'ContextExternalToolEntity' = 'context-external-tools', } diff --git a/apps/server/src/modules/tool/context-external-tool/entity/context-external-tool.entity.ts b/apps/server/src/modules/tool/context-external-tool/entity/context-external-tool.entity.ts index 6fdbad2b3af..aebab1a8d5d 100644 --- a/apps/server/src/modules/tool/context-external-tool/entity/context-external-tool.entity.ts +++ b/apps/server/src/modules/tool/context-external-tool/entity/context-external-tool.entity.ts @@ -18,7 +18,7 @@ export interface IContextExternalToolProperties { toolVersion: number; } -@Entity({ tableName: 'context_external_tools' }) +@Entity({ tableName: 'context-external-tools' }) export class ContextExternalToolEntity extends BaseEntityWithTimestamps { @ManyToOne() schoolTool: SchoolExternalToolEntity; diff --git a/apps/server/src/modules/tool/external-tool/entity/external-tool.entity.ts b/apps/server/src/modules/tool/external-tool/entity/external-tool.entity.ts index 3bd3ed9c30d..481ed3b7c2d 100644 --- a/apps/server/src/modules/tool/external-tool/entity/external-tool.entity.ts +++ b/apps/server/src/modules/tool/external-tool/entity/external-tool.entity.ts @@ -6,7 +6,7 @@ import { BasicToolConfigEntity, Lti11ToolConfigEntity, Oauth2ToolConfigEntity } export type IExternalToolProperties = Readonly>; -@Entity({ tableName: 'external_tools' }) +@Entity({ tableName: 'external-tools' }) export class ExternalToolEntity extends BaseEntityWithTimestamps { @Unique() @Property() diff --git a/apps/server/src/modules/tool/school-external-tool/entity/school-external-tool.entity.ts b/apps/server/src/modules/tool/school-external-tool/entity/school-external-tool.entity.ts index a1682e3b7cd..fc7f6703d05 100644 --- a/apps/server/src/modules/tool/school-external-tool/entity/school-external-tool.entity.ts +++ b/apps/server/src/modules/tool/school-external-tool/entity/school-external-tool.entity.ts @@ -11,7 +11,7 @@ export interface ISchoolExternalToolProperties { toolVersion: number; } -@Entity({ tableName: 'school_external_tools' }) +@Entity({ tableName: 'school-external-tools' }) export class SchoolExternalToolEntity extends BaseEntityWithTimestamps { @ManyToOne() tool: ExternalToolEntity; diff --git a/apps/server/src/shared/domain/entity/user-login-migration.entity.ts b/apps/server/src/shared/domain/entity/user-login-migration.entity.ts index 2daf9707f3c..b79b3d862c3 100644 --- a/apps/server/src/shared/domain/entity/user-login-migration.entity.ts +++ b/apps/server/src/shared/domain/entity/user-login-migration.entity.ts @@ -5,7 +5,7 @@ import { BaseEntityWithTimestamps } from './base.entity'; export type IUserLoginMigration = Readonly>; -@Entity({ tableName: 'user_login_migrations' }) +@Entity({ tableName: 'user-login-migrations' }) export class UserLoginMigrationEntity extends BaseEntityWithTimestamps { @OneToOne(() => SchoolEntity, undefined, { nullable: false }) school: SchoolEntity; diff --git a/backup/setup/context_external_tools.json b/backup/setup/context-external-tools.json similarity index 100% rename from backup/setup/context_external_tools.json rename to backup/setup/context-external-tools.json diff --git a/backup/setup/external_tools.json b/backup/setup/external-tools.json similarity index 100% rename from backup/setup/external_tools.json rename to backup/setup/external-tools.json diff --git a/backup/setup/migrations.json b/backup/setup/migrations.json index 90fcee0baa3..e00ca430152 100644 --- a/backup/setup/migrations.json +++ b/backup/setup/migrations.json @@ -339,5 +339,16 @@ "$date": "2023-10-26T13:06:27.322Z" }, "__v": 0 + }, + { + "_id": { + "$oid": "654cc2326b83f786c4227b21" + }, + "state": "up", + "name": "tool-and-user-login-migration-renamings", + "createdAt": { + "$date": "2023-11-09T11:27:46.062Z" + }, + "__v": 0 } ] diff --git a/backup/setup/school_external_tools.json b/backup/setup/school-external-tools.json similarity index 100% rename from backup/setup/school_external_tools.json rename to backup/setup/school-external-tools.json diff --git a/backup/setup/user-login-migrations.json b/backup/setup/user-login-migrations.json new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/backup/setup/user-login-migrations.json @@ -0,0 +1 @@ +[] diff --git a/migrations/1699529266062-tool-and-user-login-migration-renamings.js b/migrations/1699529266062-tool-and-user-login-migration-renamings.js new file mode 100644 index 00000000000..8b2480a41e4 --- /dev/null +++ b/migrations/1699529266062-tool-and-user-login-migration-renamings.js @@ -0,0 +1,44 @@ +const mongoose = require('mongoose'); +const { info, error } = require('../src/logger'); + +const { connect, close } = require('../src/utils/database'); + +async function renameCollection(oldName, newName) { + try { + await mongoose.connection.collection(oldName).rename(newName); + info(`Renamed collection ${oldName} to ${newName}`); + } catch (err) { + error(`Error renaming collection ${oldName} to ${newName}: ${err.message}`); + throw err; + } +} + +module.exports = { + up: async function up() { + await connect(); + + await renameCollection('user_login_migrations', 'user-login-migrations'); + + await renameCollection('external_tools', 'external-tools'); + + await renameCollection('context_external_tools', 'context-external-tools'); + + await renameCollection('school_external_tools', 'school-external-tools'); + + await close(); + }, + + down: async function down() { + await connect(); + + await renameCollection('user-login-migrations', 'user_login_migrations'); + + await renameCollection('external-tools', 'external_tools'); + + await renameCollection('context-external-tools', 'context_external_tools'); + + await renameCollection('school-external-tools', 'school_external_tools'); + + await close(); + }, +}; diff --git a/src/services/school/model.js b/src/services/school/model.js index 0ec931e4191..787f7b55348 100644 --- a/src/services/school/model.js +++ b/src/services/school/model.js @@ -177,7 +177,7 @@ const gradeLevelSchema = new Schema({ }); const schoolModel = mongoose.model('school', schoolSchema); -const userLoginMigrationModel = mongoose.model('userLoginMigration', userLoginMigrationSchema, 'user_login_migrations'); +const userLoginMigrationModel = mongoose.model('userLoginMigration', userLoginMigrationSchema, 'user-login-migrations'); const schoolGroupModel = mongoose.model('schoolGroup', schoolGroupSchema); const yearModel = mongoose.model('year', yearSchema); const gradeLevelModel = mongoose.model('gradeLevel', gradeLevelSchema); From 249454c2773e5583ac2ea64b567d17b00767b47c Mon Sep 17 00:00:00 2001 From: agnisa-cap Date: Fri, 10 Nov 2023 15:55:39 +0100 Subject: [PATCH 4/6] N21-1029 bugfix renaming of collections (#4551) * changed rename to aggregate and drop --- ...tool-and-user-login-migration-renamings.js | 41 ++++++++++--------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/migrations/1699529266062-tool-and-user-login-migration-renamings.js b/migrations/1699529266062-tool-and-user-login-migration-renamings.js index 8b2480a41e4..e1b0695b444 100644 --- a/migrations/1699529266062-tool-and-user-login-migration-renamings.js +++ b/migrations/1699529266062-tool-and-user-login-migration-renamings.js @@ -1,14 +1,23 @@ const mongoose = require('mongoose'); const { info, error } = require('../src/logger'); - const { connect, close } = require('../src/utils/database'); -async function renameCollection(oldName, newName) { +async function aggregateAndDropCollection(oldName, newName) { try { - await mongoose.connection.collection(oldName).rename(newName); - info(`Renamed collection ${oldName} to ${newName}`); + const { connection } = mongoose; + + // Aggregation pipeline for copying the documents + const pipeline = [{ $match: {} }, { $out: newName }]; + + // Copy documents from the old collection to the new collection + await connection.collection(oldName).aggregate(pipeline).toArray(); + info(`Aggregated and copied documents from ${oldName} to ${newName}`); + + // Delete old collection + await connection.collection(oldName).drop(); + info(`Dropped collection ${oldName}`); } catch (err) { - error(`Error renaming collection ${oldName} to ${newName}: ${err.message}`); + error(`Error aggregating, copying, and deleting collection ${oldName} to ${newName}: ${err.message}`); throw err; } } @@ -17,13 +26,10 @@ module.exports = { up: async function up() { await connect(); - await renameCollection('user_login_migrations', 'user-login-migrations'); - - await renameCollection('external_tools', 'external-tools'); - - await renameCollection('context_external_tools', 'context-external-tools'); - - await renameCollection('school_external_tools', 'school-external-tools'); + await aggregateAndDropCollection('user_login_migrations', 'user-login-migrations'); + await aggregateAndDropCollection('external_tools', 'external-tools'); + await aggregateAndDropCollection('context_external_tools', 'context-external-tools'); + await aggregateAndDropCollection('school_external_tools', 'school-external-tools'); await close(); }, @@ -31,13 +37,10 @@ module.exports = { down: async function down() { await connect(); - await renameCollection('user-login-migrations', 'user_login_migrations'); - - await renameCollection('external-tools', 'external_tools'); - - await renameCollection('context-external-tools', 'context_external_tools'); - - await renameCollection('school-external-tools', 'school_external_tools'); + await aggregateAndDropCollection('user-login-migrations', 'user_login_migrations'); + await aggregateAndDropCollection('external-tools', 'external_tools'); + await aggregateAndDropCollection('context-external-tools', 'context_external_tools'); + await aggregateAndDropCollection('school-external-tools', 'school_external_tools'); await close(); }, From 034cab840ab347aa621248cc47e1e7317631e4b7 Mon Sep 17 00:00:00 2001 From: agnisa-cap Date: Mon, 13 Nov 2023 10:13:15 +0100 Subject: [PATCH 5/6] N21-1456 improves oauth error handling (#4539) --- .../loggable/axios-error.loggable.spec.ts | 32 ++ .../error/loggable/axios-error.loggable.ts | 20 + apps/server/src/core/error/loggable/index.ts | 2 + .../hydra/hydra.adapter.spec.ts | 391 +++++++++++++----- .../oauth-provider/hydra/hydra.adapter.ts | 37 +- ...ra-oauth-failed-loggable-exception.spec.ts | 35 ++ .../hydra-oauth-failed-loggable-exception.ts | 8 + .../infra/oauth-provider/loggable/index.ts | 1 + .../src/modules/oauth/loggable/index.ts | 1 + .../modules/oauth/loggable/oauth-sso.error.ts | 4 + .../token-request-loggable-exception.spec.ts | 34 ++ .../token-request-loggable-exception.ts | 8 + .../service/oauth-adapter.service.spec.ts | 61 ++- .../oauth/service/oauth-adapter.service.ts | 11 +- .../testing/factory/axios-error.factory.ts | 28 ++ .../src/shared/testing/factory/index.ts | 1 + 16 files changed, 549 insertions(+), 125 deletions(-) create mode 100644 apps/server/src/core/error/loggable/axios-error.loggable.spec.ts create mode 100644 apps/server/src/core/error/loggable/axios-error.loggable.ts create mode 100644 apps/server/src/core/error/loggable/index.ts create mode 100644 apps/server/src/infra/oauth-provider/loggable/hydra-oauth-failed-loggable-exception.spec.ts create mode 100644 apps/server/src/infra/oauth-provider/loggable/hydra-oauth-failed-loggable-exception.ts create mode 100644 apps/server/src/infra/oauth-provider/loggable/index.ts create mode 100644 apps/server/src/modules/oauth/loggable/token-request-loggable-exception.spec.ts create mode 100644 apps/server/src/modules/oauth/loggable/token-request-loggable-exception.ts create mode 100644 apps/server/src/shared/testing/factory/axios-error.factory.ts diff --git a/apps/server/src/core/error/loggable/axios-error.loggable.spec.ts b/apps/server/src/core/error/loggable/axios-error.loggable.spec.ts new file mode 100644 index 00000000000..f2b480a4bf7 --- /dev/null +++ b/apps/server/src/core/error/loggable/axios-error.loggable.spec.ts @@ -0,0 +1,32 @@ +import { axiosErrorFactory } from '@shared/testing/factory'; +import { AxiosError } from 'axios'; +import { AxiosErrorLoggable } from './axios-error.loggable'; + +describe(AxiosErrorLoggable.name, () => { + describe('getLogMessage', () => { + const setup = () => { + const error = { + error: 'invalid_request', + }; + const type = 'mockType'; + const axiosError: AxiosError = axiosErrorFactory.withError(error).build(); + + const axiosErrorLoggable = new AxiosErrorLoggable(axiosError, type); + + return { axiosErrorLoggable, error, axiosError }; + }; + + it('should return error log message', () => { + const { axiosErrorLoggable, error, axiosError } = setup(); + + const result = axiosErrorLoggable.getLogMessage(); + + expect(result).toEqual({ + type: 'mockType', + message: axiosError.message, + data: JSON.stringify(error), + stack: 'mockStack', + }); + }); + }); +}); diff --git a/apps/server/src/core/error/loggable/axios-error.loggable.ts b/apps/server/src/core/error/loggable/axios-error.loggable.ts new file mode 100644 index 00000000000..29e6ad32dad --- /dev/null +++ b/apps/server/src/core/error/loggable/axios-error.loggable.ts @@ -0,0 +1,20 @@ +import { HttpException, HttpStatus } from '@nestjs/common'; +import { ErrorLogMessage, Loggable, LogMessage, ValidationErrorLogMessage } from '@src/core/logger'; +import { AxiosError } from 'axios'; + +export class AxiosErrorLoggable extends HttpException implements Loggable { + constructor(private readonly axiosError: AxiosError, protected readonly type: string) { + super(JSON.stringify(axiosError.response?.data), axiosError.status ?? HttpStatus.INTERNAL_SERVER_ERROR, { + cause: axiosError.cause, + }); + } + + getLogMessage(): LogMessage | ErrorLogMessage | ValidationErrorLogMessage { + return { + message: this.axiosError.message, + type: this.type, + data: JSON.stringify(this.axiosError.response?.data), + stack: this.axiosError.stack, + }; + } +} diff --git a/apps/server/src/core/error/loggable/index.ts b/apps/server/src/core/error/loggable/index.ts new file mode 100644 index 00000000000..0470cbee690 --- /dev/null +++ b/apps/server/src/core/error/loggable/index.ts @@ -0,0 +1,2 @@ +export * from './error.loggable'; +export * from './axios-error.loggable'; diff --git a/apps/server/src/infra/oauth-provider/hydra/hydra.adapter.spec.ts b/apps/server/src/infra/oauth-provider/hydra/hydra.adapter.spec.ts index 7e30c5668c7..2a373195bc6 100644 --- a/apps/server/src/infra/oauth-provider/hydra/hydra.adapter.spec.ts +++ b/apps/server/src/infra/oauth-provider/hydra/hydra.adapter.spec.ts @@ -1,7 +1,5 @@ -import { DeepMocked, createMock } from '@golevelup/ts-jest'; +import { createMock, DeepMocked } from '@golevelup/ts-jest'; import { Configuration } from '@hpi-schul-cloud/commons/lib'; -import { HttpService } from '@nestjs/axios'; -import { Test, TestingModule } from '@nestjs/testing'; import { AcceptConsentRequestBody, AcceptLoginRequestBody, @@ -12,11 +10,15 @@ import { ProviderRedirectResponse, RejectRequestBody, } from '@infra/oauth-provider/dto'; +import { HttpService } from '@nestjs/axios'; +import { Test, TestingModule } from '@nestjs/testing'; import { axiosResponseFactory } from '@shared/testing'; -import { AxiosRequestConfig, Method, RawAxiosRequestHeaders } from 'axios'; -import { of } from 'rxjs'; +import { axiosErrorFactory } from '@shared/testing/factory'; +import { AxiosError, AxiosRequestConfig, Method, RawAxiosRequestHeaders } from 'axios'; +import { of, throwError } from 'rxjs'; +import { ProviderConsentSessionResponse } from '../dto'; +import { HydraOauthFailedLoggableException } from '../loggable'; import { HydraAdapter } from './hydra.adapter'; -import { ProviderConsentSessionResponse } from '../dto/response/consent-session.response'; import resetAllMocks = jest.resetAllMocks; class HydraAdapterSpec extends HydraAdapter { @@ -66,100 +68,66 @@ describe('HydraService', () => { }); describe('request', () => { - it('should return data when called with all parameters', async () => { - const data: { test: string } = { - test: 'data', - }; - - httpService.request.mockReturnValue(of(createAxiosResponse(data))); - - const result: { test: string } = await service.requestSpec( - 'GET', - 'testUrl', - { dataKey: 'dataValue' }, - { headerKey: 'headerValue' } - ); + describe('when called with all parameters', () => { + const setup = () => { + const data: { test: string } = { + test: 'data', + }; - expect(result).toEqual(data); - expect(httpService.request).toHaveBeenCalledWith( - expect.objectContaining({ - url: 'testUrl', - method: 'GET', - headers: { - 'X-Forwarded-Proto': 'https', - headerKey: 'headerValue', - }, - data: { dataKey: 'dataValue' }, - }) - ); - }); + httpService.request.mockReturnValue(of(createAxiosResponse(data))); - it('should return data when called with only necessary parameters', async () => { - const data: { test: string } = { - test: 'data', + return { + data, + }; }; - httpService.request.mockReturnValue(of(createAxiosResponse(data))); - - const result: { test: string } = await service.requestSpec('GET', 'testUrl'); - - expect(result).toEqual(data); - expect(httpService.request).toHaveBeenCalledWith( - expect.objectContaining({ - url: 'testUrl', - method: 'GET', - headers: { - 'X-Forwarded-Proto': 'https', - }, - }) - ); - }); - }); - - describe('Client Flow', () => { - describe('listOAuth2Clients', () => { - it('should list all oauth2 clients', async () => { - const data: ProviderOauthClient[] = [ - { - client_id: 'client1', - }, - { - client_id: 'client2', - }, - ]; - - httpService.request.mockReturnValue(of(createAxiosResponse(data))); + it('should return data', async () => { + const { data } = setup(); - const result: ProviderOauthClient[] = await service.listOAuth2Clients(); + const result: { test: string } = await service.requestSpec( + 'GET', + 'testUrl', + { dataKey: 'dataValue' }, + { headerKey: 'headerValue' } + ); expect(result).toEqual(data); expect(httpService.request).toHaveBeenCalledWith( expect.objectContaining({ - url: `${hydraUri}/clients`, + url: 'testUrl', method: 'GET', headers: { 'X-Forwarded-Proto': 'https', + headerKey: 'headerValue', }, + data: { dataKey: 'dataValue' }, }) ); }); + }); - it('should list all oauth2 clients within parameters', async () => { - const data: ProviderOauthClient[] = [ - { - client_id: 'client1', - owner: 'clientOwner', - }, - ]; + describe('when called with only necessary parameters', () => { + const setup = () => { + const data: { test: string } = { + test: 'data', + }; httpService.request.mockReturnValue(of(createAxiosResponse(data))); - const result: ProviderOauthClient[] = await service.listOAuth2Clients(1, 0, 'client1', 'clientOwner'); + return { + data, + }; + }; + + it('should return data', async () => { + const { data } = setup(); + + const result: { test: string } = await service.requestSpec('GET', 'testUrl'); expect(result).toEqual(data); expect(httpService.request).toHaveBeenCalledWith( expect.objectContaining({ - url: `${hydraUri}/clients?limit=1&offset=0&client_name=client1&owner=clientOwner`, + url: 'testUrl', method: 'GET', headers: { 'X-Forwarded-Proto': 'https', @@ -169,13 +137,130 @@ describe('HydraService', () => { }); }); + describe('when error occurs', () => { + describe('when error is an axios error', () => { + const setup = () => { + const error = { + error: 'invalid_request', + }; + const axiosError: AxiosError = axiosErrorFactory.withError(error).build({}); + + httpService.request.mockReturnValueOnce(throwError(() => axiosError)); + + return { + axiosError, + }; + }; + + it('should throw hydra oauth loggable exception', async () => { + const { axiosError } = setup(); + + await expect(service.listOAuth2Clients()).rejects.toThrow(new HydraOauthFailedLoggableException(axiosError)); + }); + }); + + describe('when error is any other error', () => { + const setup = () => { + httpService.request.mockReturnValueOnce(throwError(() => new Error('unknown error'))); + }; + + it('should throw the error', async () => { + setup(); + + await expect(service.listOAuth2Clients()).rejects.toThrow(new Error('unknown error')); + }); + }); + }); + }); + + describe('Client Flow', () => { + describe('listOAuth2Clients', () => { + describe('when only clientIds are given', () => { + const setup = () => { + const data: ProviderOauthClient[] = [ + { + client_id: 'client1', + }, + { + client_id: 'client2', + }, + ]; + + httpService.request.mockReturnValue(of(createAxiosResponse(data))); + + return { + data, + }; + }; + + it('should list all oauth2 clients', async () => { + const { data } = setup(); + + const result: ProviderOauthClient[] = await service.listOAuth2Clients(); + + expect(result).toEqual(data); + expect(httpService.request).toHaveBeenCalledWith( + expect.objectContaining({ + url: `${hydraUri}/clients`, + method: 'GET', + headers: { + 'X-Forwarded-Proto': 'https', + }, + }) + ); + }); + }); + + describe('when clientId and other parameters are given', () => { + const setup = () => { + const data: ProviderOauthClient[] = [ + { + client_id: 'client1', + owner: 'clientOwner', + }, + ]; + + httpService.request.mockReturnValue(of(createAxiosResponse(data))); + + return { + data, + }; + }; + + it('should list all oauth2 clients within parameters', async () => { + const { data } = setup(); + + const result: ProviderOauthClient[] = await service.listOAuth2Clients(1, 0, 'client1', 'clientOwner'); + + expect(result).toEqual(data); + expect(httpService.request).toHaveBeenCalledWith( + expect.objectContaining({ + url: `${hydraUri}/clients?limit=1&offset=0&client_name=client1&owner=clientOwner`, + method: 'GET', + headers: { + 'X-Forwarded-Proto': 'https', + }, + }) + ); + }); + }); + }); + describe('getOAuth2Client', () => { - it('should get oauth2 client', async () => { + const setup = () => { const data: ProviderOauthClient = { client_id: 'client', }; httpService.request.mockReturnValue(of(createAxiosResponse(data))); + return { + data, + }; + }; + + it('should get oauth2 client', async () => { + const { data } = setup(); + const result: ProviderOauthClient = await service.getOAuth2Client('clientId'); expect(result).toEqual(data); @@ -192,12 +277,20 @@ describe('HydraService', () => { }); describe('createOAuth2Client', () => { - it('should create oauth2 client', async () => { + const setup = () => { const data: ProviderOauthClient = { client_id: 'client', }; httpService.request.mockReturnValue(of(createAxiosResponse(data))); + return { + data, + }; + }; + + it('should create oauth2 client', async () => { + const { data } = setup(); + const result: ProviderOauthClient = await service.createOAuth2Client(data); expect(result).toEqual(data); @@ -215,12 +308,20 @@ describe('HydraService', () => { }); describe('updateOAuth2Client', () => { - it('should update oauth2 client', async () => { + const setup = () => { const data: ProviderOauthClient = { client_id: 'client', }; httpService.request.mockReturnValue(of(createAxiosResponse(data))); + return { + data, + }; + }; + + it('should update oauth2 client', async () => { + const { data } = setup(); + const result: ProviderOauthClient = await service.updateOAuth2Client('clientId', data); expect(result).toEqual(data); @@ -238,8 +339,12 @@ describe('HydraService', () => { }); describe('deleteOAuth2Client', () => { - it('should delete oauth2 client', async () => { + const setup = () => { httpService.request.mockReturnValue(of(createAxiosResponse({}))); + }; + + it('should delete oauth2 client', async () => { + setup(); await service.deleteOAuth2Client('clientId'); @@ -268,26 +373,30 @@ describe('HydraService', () => { }); describe('getConsentRequest', () => { - it('should make http request', async () => { - // Arrange + const setup = () => { const config: AxiosRequestConfig = { method: 'GET', url: `${hydraUri}/oauth2/auth/requests/consent?consent_challenge=${challenge}`, }; httpService.request.mockReturnValue(of(createAxiosResponse({ challenge }))); - // Act + return { + config, + }; + }; + + it('should make http request', async () => { + const { config } = setup(); + const result: ProviderConsentResponse = await service.getConsentRequest(challenge); - // Assert expect(result.challenge).toEqual(challenge); expect(httpService.request).toHaveBeenCalledWith(expect.objectContaining(config)); }); }); describe('acceptConsentRequest', () => { - it('should make http request', async () => { - // Arrange + const setup = () => { const body: AcceptConsentRequestBody = { grant_scope: ['offline', 'openid'], }; @@ -301,18 +410,25 @@ describe('HydraService', () => { of(createAxiosResponse({ redirect_to: expectedRedirectTo })) ); - // Act + return { + body, + config, + expectedRedirectTo, + }; + }; + + it('should make http request', async () => { + const { body, config, expectedRedirectTo } = setup(); + const result: ProviderRedirectResponse = await service.acceptConsentRequest(challenge, body); - // Assert expect(result.redirect_to).toEqual(expectedRedirectTo); expect(httpService.request).toHaveBeenCalledWith(expect.objectContaining(config)); }); }); describe('rejectConsentRequest', () => { - it('should make http request', async () => { - // Arrange + const setup = () => { const body: RejectRequestBody = { error: 'error', }; @@ -326,20 +442,36 @@ describe('HydraService', () => { of(createAxiosResponse({ redirect_to: expectedRedirectTo })) ); - // Act + return { + body, + config, + expectedRedirectTo, + }; + }; + + it('should make http request', async () => { + const { body, config, expectedRedirectTo } = setup(); + const result: ProviderRedirectResponse = await service.rejectConsentRequest(challenge, body); - // Assert expect(result.redirect_to).toEqual(expectedRedirectTo); expect(httpService.request).toHaveBeenCalledWith(expect.objectContaining(config)); }); }); describe('listConsentSessions', () => { - it('should list all consent sessions', async () => { + const setup = () => { const response: ProviderConsentSessionResponse[] = [{ consent_request: { challenge: 'challenge' } }]; httpService.request.mockReturnValue(of(createAxiosResponse(response))); + return { + response, + }; + }; + + it('should list all consent sessions', async () => { + const { response } = setup(); + const result: ProviderConsentSessionResponse[] = await service.listConsentSessions('userId'); expect(result).toEqual(response); @@ -356,8 +488,12 @@ describe('HydraService', () => { }); describe('revokeConsentSession', () => { - it('should revoke all consent sessions', async () => { + const setup = () => { httpService.request.mockReturnValue(of(createAxiosResponse({}))); + }; + + it('should revoke all consent sessions', async () => { + setup(); await service.revokeConsentSession('userId', 'clientId'); @@ -375,7 +511,7 @@ describe('HydraService', () => { describe('Logout Flow', () => { describe('acceptLogoutRequest', () => { - it('should make http request', async () => { + const setup = () => { const responseMock: ProviderRedirectResponse = { redirect_to: 'redirect_mock' }; httpService.request.mockReturnValue(of(createAxiosResponse(responseMock))); const config: AxiosRequestConfig = { @@ -384,6 +520,15 @@ describe('HydraService', () => { headers: { 'X-Forwarded-Proto': 'https' }, }; + return { + responseMock, + config, + }; + }; + + it('should make http request', async () => { + const { responseMock, config } = setup(); + const response: ProviderRedirectResponse = await service.acceptLogoutRequest('challenge_mock'); expect(httpService.request).toHaveBeenCalledWith(expect.objectContaining(config)); @@ -394,12 +539,20 @@ describe('HydraService', () => { describe('Miscellaneous', () => { describe('introspectOAuth2Token', () => { - it('should return introspect', async () => { + const setup = () => { const response: IntrospectResponse = { active: true, }; httpService.request.mockReturnValue(of(createAxiosResponse(response))); + return { + response, + }; + }; + + it('should return introspect', async () => { + const { response } = setup(); + const result: IntrospectResponse = await service.introspectOAuth2Token('token', 'scope'); expect(result).toEqual(response); @@ -418,8 +571,12 @@ describe('HydraService', () => { }); describe('isInstanceAlive', () => { - it('should check if hydra is alive', async () => { + const setup = () => { httpService.request.mockReturnValue(of(createAxiosResponse(true))); + }; + + it('should check if hydra is alive', async () => { + setup(); const result: boolean = await service.isInstanceAlive(); @@ -459,25 +616,30 @@ describe('HydraService', () => { }); describe('getLoginRequest', () => { - it('should send login request', async () => { - // Arrange + const setup = () => { const requestConfig: AxiosRequestConfig = { method: 'GET', url: `${hydraUri}/oauth2/auth/requests/login?login_challenge=${challenge}`, }; httpService.request.mockReturnValue(of(createAxiosResponse(providerLoginResponse))); - // Act + return { + requestConfig, + }; + }; + + it('should send login request', async () => { + const { requestConfig } = setup(); + const response: ProviderLoginResponse = await service.getLoginRequest(challenge); - // Assert expect(response).toEqual(providerLoginResponse); expect(httpService.request).toHaveBeenCalledWith(expect.objectContaining(requestConfig)); }); }); describe('acceptLoginRequest', () => { - it('should send accept login request', async () => { + const setup = () => { const body: AcceptLoginRequestBody = { subject: '', force_subject_identifier: '', @@ -494,6 +656,16 @@ describe('HydraService', () => { of(createAxiosResponse({ redirect_to: expectedRedirectTo })) ); + return { + body, + config, + expectedRedirectTo, + }; + }; + + it('should send accept login request', async () => { + const { body, config, expectedRedirectTo } = setup(); + const result: ProviderRedirectResponse = await service.acceptLoginRequest(challenge, body); expect(result.redirect_to).toEqual(expectedRedirectTo); @@ -502,8 +674,7 @@ describe('HydraService', () => { }); describe('rejectLoginRequest', () => { - it('should send reject login request', async () => { - // Arrange + const setup = () => { const body: RejectRequestBody = { error: 'error', }; @@ -517,10 +688,18 @@ describe('HydraService', () => { of(createAxiosResponse({ redirect_to: expectedRedirectTo })) ); - // Act + return { + body, + config, + expectedRedirectTo, + }; + }; + + it('should send reject login request', async () => { + const { body, config, expectedRedirectTo } = setup(); + const result: ProviderRedirectResponse = await service.rejectLoginRequest(challenge, body); - // Assert expect(result.redirect_to).toEqual(expectedRedirectTo); expect(httpService.request).toHaveBeenCalledWith(expect.objectContaining(config)); }); diff --git a/apps/server/src/infra/oauth-provider/hydra/hydra.adapter.ts b/apps/server/src/infra/oauth-provider/hydra/hydra.adapter.ts index f554a15abd3..3e2d389d643 100644 --- a/apps/server/src/infra/oauth-provider/hydra/hydra.adapter.ts +++ b/apps/server/src/infra/oauth-provider/hydra/hydra.adapter.ts @@ -1,21 +1,23 @@ import { Configuration } from '@hpi-schul-cloud/commons/lib'; import { HttpService } from '@nestjs/axios'; import { Injectable } from '@nestjs/common'; -import { AxiosResponse, Method, RawAxiosRequestHeaders } from 'axios'; +import { AxiosResponse, isAxiosError, Method, RawAxiosRequestHeaders } from 'axios'; import QueryString from 'qs'; -import { Observable, firstValueFrom } from 'rxjs'; +import { firstValueFrom, Observable } from 'rxjs'; +import { catchError } from 'rxjs/operators'; import { URL } from 'url'; import { AcceptConsentRequestBody, AcceptLoginRequestBody, IntrospectResponse, ProviderConsentResponse, + ProviderConsentSessionResponse, ProviderLoginResponse, ProviderOauthClient, ProviderRedirectResponse, RejectRequestBody, } from '../dto'; -import { ProviderConsentSessionResponse } from '../dto/response/consent-session.response'; +import { HydraOauthFailedLoggableException } from '../loggable'; import { OauthProviderService } from '../oauth-provider.service'; @Injectable() @@ -160,15 +162,26 @@ export class HydraAdapter extends OauthProviderService { data?: unknown, additionalHeaders: RawAxiosRequestHeaders = {} ): Promise { - const observable: Observable> = this.httpService.request({ - url, - method, - headers: { - 'X-Forwarded-Proto': 'https', - ...additionalHeaders, - }, - data, - }); + const observable: Observable> = this.httpService + .request({ + url, + method, + headers: { + 'X-Forwarded-Proto': 'https', + ...additionalHeaders, + }, + data, + }) + .pipe( + catchError((error: unknown) => { + if (isAxiosError(error)) { + throw new HydraOauthFailedLoggableException(error); + } else { + throw error; + } + }) + ); + const response: AxiosResponse = await firstValueFrom(observable); return response.data; } diff --git a/apps/server/src/infra/oauth-provider/loggable/hydra-oauth-failed-loggable-exception.spec.ts b/apps/server/src/infra/oauth-provider/loggable/hydra-oauth-failed-loggable-exception.spec.ts new file mode 100644 index 00000000000..a78b365d126 --- /dev/null +++ b/apps/server/src/infra/oauth-provider/loggable/hydra-oauth-failed-loggable-exception.spec.ts @@ -0,0 +1,35 @@ +import { axiosErrorFactory } from '@shared/testing/factory'; +import { AxiosError } from 'axios'; +import { HydraOauthFailedLoggableException } from './hydra-oauth-failed-loggable-exception'; + +describe(HydraOauthFailedLoggableException.name, () => { + describe('getLogMessage', () => { + const setup = () => { + const error = { + error: 'invalid_request', + }; + const axiosError: AxiosError = axiosErrorFactory.withError(error).build({ stack: 'someStack' }); + + const exception = new HydraOauthFailedLoggableException(axiosError); + + return { + exception, + axiosError, + error, + }; + }; + + it('should return the correct log message', () => { + const { exception, axiosError, error } = setup(); + + const message = exception.getLogMessage(); + + expect(message).toEqual({ + type: 'HYDRA_OAUTH_FAILED', + message: axiosError.message, + stack: axiosError.stack, + data: JSON.stringify(error), + }); + }); + }); +}); diff --git a/apps/server/src/infra/oauth-provider/loggable/hydra-oauth-failed-loggable-exception.ts b/apps/server/src/infra/oauth-provider/loggable/hydra-oauth-failed-loggable-exception.ts new file mode 100644 index 00000000000..c92dd3c7fff --- /dev/null +++ b/apps/server/src/infra/oauth-provider/loggable/hydra-oauth-failed-loggable-exception.ts @@ -0,0 +1,8 @@ +import { AxiosErrorLoggable } from '@src/core/error/loggable'; +import { AxiosError } from 'axios'; + +export class HydraOauthFailedLoggableException extends AxiosErrorLoggable { + constructor(error: AxiosError) { + super(error, 'HYDRA_OAUTH_FAILED'); + } +} diff --git a/apps/server/src/infra/oauth-provider/loggable/index.ts b/apps/server/src/infra/oauth-provider/loggable/index.ts new file mode 100644 index 00000000000..677fe4f84e6 --- /dev/null +++ b/apps/server/src/infra/oauth-provider/loggable/index.ts @@ -0,0 +1 @@ +export * from './hydra-oauth-failed-loggable-exception'; diff --git a/apps/server/src/modules/oauth/loggable/index.ts b/apps/server/src/modules/oauth/loggable/index.ts index b4e63107161..4c35983a4ca 100644 --- a/apps/server/src/modules/oauth/loggable/index.ts +++ b/apps/server/src/modules/oauth/loggable/index.ts @@ -1,3 +1,4 @@ export * from './oauth-sso.error'; export * from './sso-error-code.enum'; export * from './user-not-found-after-provisioning.loggable-exception'; +export * from './token-request-loggable-exception'; diff --git a/apps/server/src/modules/oauth/loggable/oauth-sso.error.ts b/apps/server/src/modules/oauth/loggable/oauth-sso.error.ts index 35659b2778f..cc1486adcb7 100644 --- a/apps/server/src/modules/oauth/loggable/oauth-sso.error.ts +++ b/apps/server/src/modules/oauth/loggable/oauth-sso.error.ts @@ -1,6 +1,10 @@ import { InternalServerErrorException } from '@nestjs/common'; import { SSOErrorCode } from './sso-error-code.enum'; +/** + * @deprecated Please create a loggable instead. + * This will be removed with: https://ticketsystem.dbildungscloud.de/browse/N21-1483 + */ export class OAuthSSOError extends InternalServerErrorException { readonly message: string; diff --git a/apps/server/src/modules/oauth/loggable/token-request-loggable-exception.spec.ts b/apps/server/src/modules/oauth/loggable/token-request-loggable-exception.spec.ts new file mode 100644 index 00000000000..6716175bdbe --- /dev/null +++ b/apps/server/src/modules/oauth/loggable/token-request-loggable-exception.spec.ts @@ -0,0 +1,34 @@ +import { axiosErrorFactory } from '@shared/testing/factory'; +import { AxiosError } from 'axios'; +import { TokenRequestLoggableException } from './token-request-loggable-exception'; + +describe(TokenRequestLoggableException.name, () => { + describe('getLogMessage', () => { + const setup = () => { + const error = { + error: 'invalid_request', + }; + const axiosError: AxiosError = axiosErrorFactory.withError(error).build(); + const exception = new TokenRequestLoggableException(axiosError); + + return { + axiosError, + exception, + error, + }; + }; + + it('should return the correct log message', () => { + const { axiosError, exception, error } = setup(); + + const logMessage = exception.getLogMessage(); + + expect(logMessage).toStrictEqual({ + type: 'OAUTH_TOKEN_REQUEST_ERROR', + message: axiosError.message, + data: JSON.stringify(error), + stack: axiosError.stack, + }); + }); + }); +}); diff --git a/apps/server/src/modules/oauth/loggable/token-request-loggable-exception.ts b/apps/server/src/modules/oauth/loggable/token-request-loggable-exception.ts new file mode 100644 index 00000000000..fd852186829 --- /dev/null +++ b/apps/server/src/modules/oauth/loggable/token-request-loggable-exception.ts @@ -0,0 +1,8 @@ +import { AxiosErrorLoggable } from '@src/core/error/loggable'; +import { AxiosError } from 'axios'; + +export class TokenRequestLoggableException extends AxiosErrorLoggable { + constructor(error: AxiosError) { + super(error, 'OAUTH_TOKEN_REQUEST_ERROR'); + } +} diff --git a/apps/server/src/modules/oauth/service/oauth-adapter.service.spec.ts b/apps/server/src/modules/oauth/service/oauth-adapter.service.spec.ts index 12c0a381d8b..af03a6fdda2 100644 --- a/apps/server/src/modules/oauth/service/oauth-adapter.service.spec.ts +++ b/apps/server/src/modules/oauth/service/oauth-adapter.service.spec.ts @@ -2,9 +2,11 @@ import { createMock, DeepMocked } from '@golevelup/ts-jest'; import { HttpService } from '@nestjs/axios'; import { Test, TestingModule } from '@nestjs/testing'; import { axiosResponseFactory } from '@shared/testing'; +import { axiosErrorFactory } from '@shared/testing/factory'; +import { AxiosError } from 'axios'; import { of, throwError } from 'rxjs'; import { OAuthGrantType } from '../interface/oauth-grant-type.enum'; -import { OAuthSSOError } from '../loggable'; +import { TokenRequestLoggableException } from '../loggable'; import { AuthenticationCodeGrantTokenRequest, OauthTokenResponse } from './dto'; import { OauthAdapterService } from './oauth-adapter.service'; @@ -93,12 +95,65 @@ describe('OauthAdapterServive', () => { }); describe('when no token got returned', () => { + const setup = () => { + const error = new Error('unknown error'); + httpService.post.mockReturnValueOnce(throwError(() => error)); + + return { + error, + }; + }; + it('should throw an error', async () => { - httpService.post.mockReturnValueOnce(throwError(() => 'error')); + const { error } = setup(); const resp = service.sendAuthenticationCodeTokenRequest('tokenEndpoint', testPayload); - await expect(resp).rejects.toEqual(new OAuthSSOError('Requesting token failed.', 'sso_auth_code_step')); + await expect(resp).rejects.toEqual(error); + }); + }); + + describe('when error got returned', () => { + describe('when error is a unknown error', () => { + const setup = () => { + const error = new Error('unknown error'); + httpService.post.mockReturnValueOnce(throwError(() => error)); + + return { + error, + }; + }; + + it('should throw the default sso error', async () => { + const { error } = setup(); + + const resp = service.sendAuthenticationCodeTokenRequest('tokenEndpoint', testPayload); + + await expect(resp).rejects.toEqual(error); + }); + }); + + describe('when error is a axios error', () => { + const setup = () => { + const error = { + error: 'invalid_request', + }; + const axiosError: AxiosError = axiosErrorFactory.withError(error).build(); + + httpService.post.mockReturnValueOnce(throwError(() => axiosError)); + + return { + axiosError, + }; + }; + + it('should throw an error', async () => { + const { axiosError } = setup(); + + const resp = service.sendAuthenticationCodeTokenRequest('tokenEndpoint', testPayload); + + await expect(resp).rejects.toEqual(new TokenRequestLoggableException(axiosError)); + }); }); }); }); diff --git a/apps/server/src/modules/oauth/service/oauth-adapter.service.ts b/apps/server/src/modules/oauth/service/oauth-adapter.service.ts index 6b008b610cf..4ab048b84c4 100644 --- a/apps/server/src/modules/oauth/service/oauth-adapter.service.ts +++ b/apps/server/src/modules/oauth/service/oauth-adapter.service.ts @@ -1,10 +1,10 @@ import { HttpService } from '@nestjs/axios'; import { Injectable } from '@nestjs/common/decorators'; -import { AxiosResponse } from 'axios'; +import { AxiosResponse, isAxiosError } from 'axios'; import JwksRsa from 'jwks-rsa'; import QueryString from 'qs'; import { lastValueFrom, Observable } from 'rxjs'; -import { OAuthSSOError } from '../loggable'; +import { TokenRequestLoggableException } from '../loggable'; import { AuthenticationCodeGrantTokenRequest, OauthTokenResponse } from './dto'; @Injectable() @@ -40,8 +40,11 @@ export class OauthAdapterService { let responseToken: AxiosResponse; try { responseToken = await lastValueFrom(observable); - } catch (error) { - throw new OAuthSSOError('Requesting token failed.', 'sso_auth_code_step'); + } catch (error: unknown) { + if (isAxiosError(error)) { + throw new TokenRequestLoggableException(error); + } + throw error; } return responseToken.data; diff --git a/apps/server/src/shared/testing/factory/axios-error.factory.ts b/apps/server/src/shared/testing/factory/axios-error.factory.ts new file mode 100644 index 00000000000..089179dafef --- /dev/null +++ b/apps/server/src/shared/testing/factory/axios-error.factory.ts @@ -0,0 +1,28 @@ +import { HttpStatus } from '@nestjs/common'; +import { axiosResponseFactory } from '@shared/testing'; +import { AxiosError, AxiosHeaders } from 'axios'; +import { Factory } from 'fishery'; + +class AxiosErrorFactory extends Factory { + withError(error: unknown): this { + return this.params({ + response: axiosResponseFactory.build({ status: HttpStatus.BAD_REQUEST, data: error }), + }); + } +} + +export const axiosErrorFactory = AxiosErrorFactory.define(() => { + return { + status: HttpStatus.BAD_REQUEST, + config: { headers: new AxiosHeaders() }, + isAxiosError: true, + code: HttpStatus.BAD_REQUEST.toString(), + message: 'Bad Request', + name: 'BadRequest', + response: axiosResponseFactory.build({ status: HttpStatus.BAD_REQUEST }), + stack: 'mockStack', + toJSON: () => { + return { someJson: 'someJson' }; + }, + }; +}); diff --git a/apps/server/src/shared/testing/factory/index.ts b/apps/server/src/shared/testing/factory/index.ts index bd8d0913a72..54fac672098 100644 --- a/apps/server/src/shared/testing/factory/index.ts +++ b/apps/server/src/shared/testing/factory/index.ts @@ -39,3 +39,4 @@ export * from './user.do.factory'; export * from './user.factory'; export * from './legacy-file-entity-mock.factory'; export * from './jwt.test.factory'; +export * from './axios-error.factory'; From b11b022db6c28abfa6900b45943b4760d856d826 Mon Sep 17 00:00:00 2001 From: agnisa-cap Date: Mon, 13 Nov 2023 11:13:18 +0100 Subject: [PATCH 6/6] N21-1374 removes old login flow (#4541) --- .../controller/api-test/oauth-sso.api.spec.ts | 582 ----------- .../controller/dto/authorization.params.ts | 3 - .../controller/oauth-sso.controller.spec.ts | 5 - .../oauth/controller/oauth-sso.controller.ts | 174 +--- .../oauth/mapper/oauth-login-state.mapper.ts | 9 - .../src/modules/oauth/oauth-api.module.ts | 10 +- .../oauth/service/oauth.service.spec.ts | 92 +- .../modules/oauth/service/oauth.service.ts | 25 - .../oauth/uc/dto/oauth-login-state.dto.ts | 21 - .../modules/oauth/uc/hydra-oauth.uc.spec.ts | 2 +- .../src/modules/oauth/uc/hydra-oauth.uc.ts | 7 +- apps/server/src/modules/oauth/uc/index.ts | 1 - .../src/modules/oauth/uc/oauth.uc.spec.ts | 923 ------------------ apps/server/src/modules/oauth/uc/oauth.uc.ts | 149 --- config/default.schema.json | 5 - src/services/config/publicAppConfigService.js | 1 - 16 files changed, 24 insertions(+), 1985 deletions(-) delete mode 100644 apps/server/src/modules/oauth/controller/api-test/oauth-sso.api.spec.ts delete mode 100644 apps/server/src/modules/oauth/mapper/oauth-login-state.mapper.ts delete mode 100644 apps/server/src/modules/oauth/uc/dto/oauth-login-state.dto.ts delete mode 100644 apps/server/src/modules/oauth/uc/oauth.uc.spec.ts delete mode 100644 apps/server/src/modules/oauth/uc/oauth.uc.ts diff --git a/apps/server/src/modules/oauth/controller/api-test/oauth-sso.api.spec.ts b/apps/server/src/modules/oauth/controller/api-test/oauth-sso.api.spec.ts deleted file mode 100644 index a259c405cfb..00000000000 --- a/apps/server/src/modules/oauth/controller/api-test/oauth-sso.api.spec.ts +++ /dev/null @@ -1,582 +0,0 @@ -import { Configuration } from '@hpi-schul-cloud/commons/lib'; -import { EntityManager, ObjectId } from '@mikro-orm/mongodb'; -import { ExecutionContext, INestApplication } from '@nestjs/common'; -import { Test, TestingModule } from '@nestjs/testing'; -import { Account, EntityId, SchoolEntity, SystemEntity, User } from '@shared/domain'; -import { UserLoginMigrationEntity } from '@shared/domain/entity/user-login-migration.entity'; -import { SystemProvisioningStrategy } from '@shared/domain/interface/system-provisioning.strategy'; -import { KeycloakAdministrationService } from '@infra/identity-management/keycloak-administration/service/keycloak-administration.service'; -import { - accountFactory, - cleanupCollections, - mapUserToCurrentUser, - schoolFactory, - systemFactory, - userFactory, -} from '@shared/testing'; -import { JwtTestFactory } from '@shared/testing/factory/jwt.test.factory'; -import { userLoginMigrationFactory } from '@shared/testing/factory/user-login-migration.factory'; -import { ICurrentUser } from '@modules/authentication'; -import { JwtAuthGuard } from '@modules/authentication/guard/jwt-auth.guard'; -import { SanisResponse, SanisRole } from '@modules/provisioning/strategy/sanis/response'; -import { ServerTestModule } from '@modules/server'; -import axios from 'axios'; -import MockAdapter from 'axios-mock-adapter'; -import { UUID } from 'bson'; -import { Request } from 'express'; -import request, { Response } from 'supertest'; -import { SSOAuthenticationError } from '../../interface/sso-authentication-error.enum'; -import { OauthTokenResponse } from '../../service/dto'; -import { AuthorizationParams, SSOLoginQuery } from '../dto'; - -jest.mock('jwks-rsa', () => () => { - return { - getKeys: jest.fn(), - getSigningKey: jest.fn().mockResolvedValue({ - kid: 'kid', - alg: 'RS256', - getPublicKey: jest.fn().mockReturnValue(JwtTestFactory.getPublicKey()), - rsaPublicKey: JwtTestFactory.getPublicKey(), - }), - getSigningKeys: jest.fn(), - }; -}); - -describe('OAuth SSO Controller (API)', () => { - let app: INestApplication; - let em: EntityManager; - let currentUser: ICurrentUser; - let axiosMock: MockAdapter; - - const sessionCookieName: string = Configuration.get('SESSION__NAME') as string; - beforeAll(async () => { - Configuration.set('PUBLIC_BACKEND_URL', 'http://localhost:3030/api'); - const schulcloudJwt: string = JwtTestFactory.createJwt(); - - const moduleRef: TestingModule = await Test.createTestingModule({ - imports: [ServerTestModule], - }) - .overrideGuard(JwtAuthGuard) - .useValue({ - canActivate(context: ExecutionContext) { - const req: Request = context.switchToHttp().getRequest(); - req.user = currentUser; - req.headers.authorization = schulcloudJwt; - return true; - }, - }) - .compile(); - - axiosMock = new MockAdapter(axios); - app = moduleRef.createNestApplication(); - await app.init(); - em = app.get(EntityManager); - const kcAdminService = app.get(KeycloakAdministrationService); - - axiosMock.onGet(kcAdminService.getWellKnownUrl()).reply(200, { - issuer: 'issuer', - token_endpoint: 'token_endpoint', - authorization_endpoint: 'authorization_endpoint', - end_session_endpoint: 'end_session_endpoint', - jwks_uri: 'jwks_uri', - }); - }); - - afterAll(async () => { - await app.close(); - }); - - afterEach(async () => { - await cleanupCollections(em); - }); - - const setupSessionState = async (systemId: EntityId, migration: boolean) => { - const query: SSOLoginQuery = { - migration, - }; - - const response: Response = await request(app.getHttpServer()) - .get(`/sso/login/${systemId}`) - .query(query) - .expect(302) - .expect('set-cookie', new RegExp(`^${sessionCookieName}`)); - - const cookies: string[] = response.get('Set-Cookie'); - const redirect: string = response.get('Location'); - const matchState: RegExpMatchArray | null = redirect.match(/(?<=state=)([^&]+)/); - const state = matchState ? matchState[0] : ''; - - return { - cookies, - state, - }; - }; - - const setup = async () => { - const externalUserId = 'externalUserId'; - const system: SystemEntity = systemFactory.withOauthConfig().buildWithId(); - const school: SchoolEntity = schoolFactory.buildWithId({ systems: [system] }); - const user: User = userFactory.buildWithId({ externalId: externalUserId, school }); - const account: Account = accountFactory.buildWithId({ systemId: system.id, userId: user.id }); - - await em.persistAndFlush([system, user, school, account]); - em.clear(); - - const query: AuthorizationParams = new AuthorizationParams(); - query.code = 'code'; - query.state = 'state'; - - return { - system, - user, - externalUserId, - school, - query, - }; - }; - - describe('[GET] sso/login/:systemId', () => { - describe('when no error occurs', () => { - it('should redirect to the authentication url and set a session cookie', async () => { - const { system } = await setup(); - - await request(app.getHttpServer()) - .get(`/sso/login/${system.id}`) - .expect(302) - .expect('set-cookie', new RegExp(`^${sessionCookieName}`)) - .expect( - 'Location', - /^http:\/\/mock.de\/auth\?client_id=12345&redirect_uri=http%3A%2F%2Flocalhost%3A3030%2Fapi%2Fv3%2Fsso%2Foauth&response_type=code&scope=openid\+uuid&state=\w*/ - ); - }); - }); - - describe('when an error occurs', () => { - it('should redirect to the login page', async () => { - const unknownSystemId: string = new ObjectId().toHexString(); - const clientUrl: string = Configuration.get('HOST') as string; - - await request(app.getHttpServer()) - .get(`/sso/login/${unknownSystemId}`) - .expect(302) - .expect('Location', `${clientUrl}/login?error=sso_login_failed`); - }); - }); - }); - - describe('[GET] sso/oauth', () => { - describe('when the session has no oauthLoginState', () => { - it('should return 401 Unauthorized', async () => { - await setup(); - const query: AuthorizationParams = new AuthorizationParams(); - query.code = 'code'; - query.state = 'state'; - - await request(app.getHttpServer()).get(`/sso/oauth`).query(query).expect(401); - }); - }); - - describe('when the session and the request have a different state', () => { - it('should return 401 Unauthorized', async () => { - const { system } = await setup(); - const { cookies } = await setupSessionState(system.id, false); - const query: AuthorizationParams = new AuthorizationParams(); - query.code = 'code'; - query.state = 'wrongState'; - - await request(app.getHttpServer()).get(`/sso/oauth`).set('Cookie', cookies).query(query).expect(401); - }); - }); - - describe('when code and state are valid', () => { - it('should set a jwt and redirect', async () => { - const { system, externalUserId, query } = await setup(); - const { state, cookies } = await setupSessionState(system.id, false); - const baseUrl: string = Configuration.get('HOST') as string; - query.code = 'code'; - query.state = state; - - const idToken: string = JwtTestFactory.createJwt({ - sub: 'testUser', - iss: system.oauthConfig?.issuer, - aud: system.oauthConfig?.clientId, - // For OIDC provisioning strategy - external_sub: externalUserId, - }); - - axiosMock.onPost(system.oauthConfig?.tokenEndpoint).reply(200, { - id_token: idToken, - refresh_token: 'refreshToken', - access_token: 'accessToken', - }); - - await request(app.getHttpServer()) - .get(`/sso/oauth`) - .set('Cookie', cookies) - .query(query) - .expect(302) - .expect('Location', `${baseUrl}/dashboard`) - .expect( - (res: Response) => res.get('Set-Cookie').filter((value: string) => value.startsWith('jwt')).length === 1 - ); - }); - }); - - describe('when an error occurs during the login process', () => { - it('should redirect to the login page', async () => { - const { system, query } = await setup(); - const { state, cookies } = await setupSessionState(system.id, false); - const clientUrl: string = Configuration.get('HOST') as string; - query.error = SSOAuthenticationError.ACCESS_DENIED; - query.state = state; - - await request(app.getHttpServer()) - .get(`/sso/oauth`) - .set('Cookie', cookies) - .query(query) - .expect(302) - .expect( - 'Location', - `${clientUrl}/login?error=access_denied&provider=${system.oauthConfig?.provider as string}` - ); - }); - }); - - describe('when a faulty query is passed', () => { - it('should redirect to the login page with an error', async () => { - const { system, query } = await setup(); - const { state, cookies } = await setupSessionState(system.id, false); - const clientUrl: string = Configuration.get('HOST') as string; - query.state = state; - query.code = undefined; - - await request(app.getHttpServer()) - .get(`/sso/oauth`) - .set('Cookie', cookies) - .query(query) - .expect(302) - .expect( - 'Location', - `${clientUrl}/login?error=sso_auth_code_step&provider=${system.oauthConfig?.provider as string}` - ); - }); - }); - }); - - describe('[GET] sso/oauth/migration', () => { - const mockPostOauthTokenEndpoint = ( - idToken: string, - targetSystem: SystemEntity, - targetUserId: string, - schoolExternalId: string, - officialSchoolNumber: string - ) => { - axiosMock - .onPost(targetSystem.oauthConfig?.tokenEndpoint) - .replyOnce(200, { - id_token: idToken, - refresh_token: 'refreshToken', - access_token: 'accessToken', - }) - .onGet(targetSystem.provisioningUrl) - .replyOnce(200, { - pid: targetUserId, - person: { - name: { - familienname: 'familienName', - vorname: 'vorname', - }, - geschlecht: 'weiblich', - lokalisierung: 'not necessary', - vertrauensstufe: 'not necessary', - }, - personenkontexte: [ - { - id: new UUID('aef1f4fd-c323-466e-962b-a84354c0e713').toString(), - rolle: SanisRole.LEHR, - organisation: { - id: new UUID('aef1f4fd-c323-466e-962b-a84354c0e713').toString(), - kennung: officialSchoolNumber, - name: 'schulName', - typ: 'not necessary', - }, - personenstatus: 'not necessary', - }, - ], - }); - }; - - describe('when the session has no oauthLoginState', () => { - it('should return 401 Unauthorized', async () => { - const { query } = await setup(); - - await request(app.getHttpServer()).get(`/sso/oauth/migration`).query(query).expect(401); - }); - }); - - describe('when the migration is successful', () => { - const setupMigration = async () => { - const { externalUserId, query } = await setup(); - - const targetSystem: SystemEntity = systemFactory - .withOauthConfig() - .buildWithId({ provisioningStrategy: SystemProvisioningStrategy.SANIS }, new ObjectId().toHexString(), {}); - const sourceSystem: SystemEntity = systemFactory - .withOauthConfig() - .buildWithId({ provisioningStrategy: SystemProvisioningStrategy.ISERV }, new ObjectId().toHexString(), {}); - - const sourceSchool: SchoolEntity = schoolFactory.buildWithId({ - systems: [sourceSystem], - officialSchoolNumber: '11111', - externalId: 'aef1f4fd-c323-466e-962b-a84354c0e713', - }); - const userLoginMigration: UserLoginMigrationEntity = userLoginMigrationFactory.buildWithId({ - school: sourceSchool, - targetSystem, - sourceSystem, - startedAt: new Date('2022-12-17T03:24:00'), - }); - - const targetSchoolExternalId = 'aef1f4fd-c323-466e-962b-a84354c0e714'; - - const sourceUser: User = userFactory.buildWithId({ externalId: externalUserId, school: sourceSchool }); - - const sourceUserAccount: Account = accountFactory.buildWithId({ - userId: sourceUser.id, - systemId: sourceSystem.id, - username: sourceUser.email, - }); - - await em.persistAndFlush([sourceSystem, targetSystem, sourceUser, sourceUserAccount, userLoginMigration]); - - const { state, cookies } = await setupSessionState(targetSystem.id, true); - query.code = 'code'; - query.state = state; - - return { - targetSystem, - targetSchoolExternalId, - sourceSystem, - sourceUser, - externalUserId, - query, - cookies, - }; - }; - - it('should redirect to the success page', async () => { - const { query, sourceUser, targetSystem, externalUserId, cookies, sourceSystem, targetSchoolExternalId } = - await setupMigration(); - currentUser = mapUserToCurrentUser(sourceUser, undefined, sourceSystem.id); - const baseUrl: string = Configuration.get('HOST') as string; - - const idToken: string = JwtTestFactory.createJwt({ - sub: 'testUser', - iss: targetSystem.oauthConfig?.issuer, - aud: targetSystem.oauthConfig?.clientId, - external_sub: externalUserId, - }); - - mockPostOauthTokenEndpoint(idToken, targetSystem, currentUser.userId, targetSchoolExternalId, 'NI_11111'); - - await request(app.getHttpServer()) - .get(`/sso/oauth/migration`) - .set('Cookie', cookies) - .query(query) - .expect(302) - .expect( - 'Location', - `${baseUrl}/migration/success?sourceSystem=${ - currentUser.systemId ? currentUser.systemId : '' - }&targetSystem=${targetSystem.id}` - ); - }); - }); - - describe('when currentUser has no systemId', () => { - const setupMigration = async () => { - const { externalUserId, query } = await setup(); - - const targetSystem: SystemEntity = systemFactory - .withOauthConfig() - .buildWithId({ provisioningStrategy: SystemProvisioningStrategy.SANIS }, new ObjectId().toHexString(), {}); - const sourceSystem: SystemEntity = systemFactory - .withOauthConfig() - .buildWithId({ provisioningStrategy: SystemProvisioningStrategy.ISERV }, new ObjectId().toHexString(), {}); - - const sourceSchool: SchoolEntity = schoolFactory.buildWithId({ - systems: [sourceSystem], - officialSchoolNumber: '11110', - externalId: 'aef1f4fd-c323-466e-962b-a84354c0e713', - }); - - const userLoginMigration: UserLoginMigrationEntity = userLoginMigrationFactory.buildWithId({ - school: sourceSchool, - targetSystem, - sourceSystem, - startedAt: new Date('2022-12-17T03:24:00'), - }); - - const sourceUser: User = userFactory.buildWithId({ externalId: externalUserId, school: sourceSchool }); - - await em.persistAndFlush([targetSystem, sourceUser, userLoginMigration]); - - const { state, cookies } = await setupSessionState(targetSystem.id, true); - query.code = 'code'; - query.state = state; - - return { - sourceUser, - query, - cookies, - }; - }; - - it('should throw UnprocessableEntityException', async () => { - const { sourceUser, query, cookies } = await setupMigration(); - currentUser = mapUserToCurrentUser(sourceUser, undefined, undefined); - query.error = SSOAuthenticationError.INVALID_REQUEST; - - await request(app.getHttpServer()).get(`/sso/oauth/migration`).set('Cookie', cookies).query(query).expect(422); - }); - }); - - describe('when invalid request', () => { - const setupMigration = async () => { - const { externalUserId, query } = await setup(); - - const targetSystem: SystemEntity = systemFactory - .withOauthConfig() - .buildWithId({ provisioningStrategy: SystemProvisioningStrategy.SANIS }, new ObjectId().toHexString(), {}); - const sourceSystem: SystemEntity = systemFactory - .withOauthConfig() - .buildWithId({ provisioningStrategy: SystemProvisioningStrategy.ISERV }, new ObjectId().toHexString(), {}); - - const sourceSchool: SchoolEntity = schoolFactory.buildWithId({ - systems: [sourceSystem], - officialSchoolNumber: '11111', - externalId: 'aef1f4fd-c323-466e-962b-a84354c0e713', - }); - - const userLoginMigration: UserLoginMigrationEntity = userLoginMigrationFactory.buildWithId({ - school: sourceSchool, - targetSystem, - sourceSystem, - startedAt: new Date('2022-12-17T03:24:00'), - }); - - const sourceUser: User = userFactory.buildWithId({ externalId: externalUserId, school: sourceSchool }); - - await em.persistAndFlush([sourceSystem, targetSystem, sourceSchool, sourceUser, userLoginMigration]); - - const { state, cookies } = await setupSessionState(targetSystem.id, true); - query.code = 'code'; - query.state = state; - - return { - targetSystem, - sourceSystem, - sourceUser, - query, - cookies, - }; - }; - - it('should redirect to the general migration error page', async () => { - const { sourceUser, sourceSystem, query, cookies } = await setupMigration(); - currentUser = mapUserToCurrentUser(sourceUser, undefined, sourceSystem.id); - const baseUrl: string = Configuration.get('HOST') as string; - query.error = SSOAuthenticationError.INVALID_REQUEST; - - await request(app.getHttpServer()) - .get(`/sso/oauth/migration`) - .set('Cookie', cookies) - .query(query) - .expect(302) - .expect('Location', `${baseUrl}/migration/error`); - }); - }); - - describe('when schoolnumbers mismatch', () => { - const setupMigration = async () => { - const { externalUserId, query } = await setup(); - - const targetSystem: SystemEntity = systemFactory - .withOauthConfig() - .buildWithId({ provisioningStrategy: SystemProvisioningStrategy.SANIS }, new ObjectId().toHexString(), {}); - const sourceSystem: SystemEntity = systemFactory - .withOauthConfig() - .buildWithId({ provisioningStrategy: SystemProvisioningStrategy.ISERV }, new ObjectId().toHexString(), {}); - - const sourceSchool: SchoolEntity = schoolFactory.buildWithId({ - systems: [sourceSystem], - officialSchoolNumber: '11111', - externalId: 'aef1f4fd-c323-466e-962b-a84354c0e713', - }); - - const userLoginMigration: UserLoginMigrationEntity = userLoginMigrationFactory.buildWithId({ - school: sourceSchool, - targetSystem, - sourceSystem, - startedAt: new Date('2022-12-17T03:24:00'), - }); - - const targetSchool: SchoolEntity = schoolFactory.buildWithId({ - systems: [targetSystem], - officialSchoolNumber: '22222', - externalId: 'aef1f4fd-c323-466e-962b-a84354c0e713', - }); - - const sourceUser: User = userFactory.buildWithId({ externalId: externalUserId, school: sourceSchool }); - - const targetUser: User = userFactory.buildWithId({ - externalId: 'differentExternalUserId', - school: targetSchool, - }); - - await em.persistAndFlush([sourceSystem, targetSystem, sourceUser, targetUser, userLoginMigration]); - - const { state, cookies } = await setupSessionState(targetSystem.id, true); - query.code = 'code'; - query.state = state; - - return { - targetSystem, - sourceSystem, - sourceUser, - targetUser, - targetSchoolExternalId: targetSchool.externalId as string, - query, - cookies, - }; - }; - - it('should redirect to the login page with an schoolnumber mismatch error', async () => { - const { targetSystem, sourceUser, targetUser, sourceSystem, targetSchoolExternalId, query, cookies } = - await setupMigration(); - currentUser = mapUserToCurrentUser(sourceUser, undefined, sourceSystem.id); - const baseUrl: string = Configuration.get('HOST') as string; - - const idToken: string = JwtTestFactory.createJwt({ - sub: 'differentExternalUserId', - iss: targetSystem.oauthConfig?.issuer, - aud: targetSystem.oauthConfig?.clientId, - external_sub: 'differentExternalUserId', - }); - - mockPostOauthTokenEndpoint(idToken, targetSystem, targetUser.id, targetSchoolExternalId, 'NI_22222'); - - await request(app.getHttpServer()) - .get(`/sso/oauth/migration`) - .set('Cookie', cookies) - .query(query) - .expect(302) - .expect('Location', `${baseUrl}/migration/error?sourceSchoolNumber=11111&targetSchoolNumber=22222`); - }); - }); - - afterAll(() => { - axiosMock.restore(); - }); - }); -}); diff --git a/apps/server/src/modules/oauth/controller/dto/authorization.params.ts b/apps/server/src/modules/oauth/controller/dto/authorization.params.ts index 1a20985ce43..af76d0799e4 100644 --- a/apps/server/src/modules/oauth/controller/dto/authorization.params.ts +++ b/apps/server/src/modules/oauth/controller/dto/authorization.params.ts @@ -1,9 +1,6 @@ import { IsEnum, IsNotEmpty, IsOptional, IsString } from 'class-validator'; import { SSOAuthenticationError } from '../../interface/sso-authentication-error.enum'; -/** - * @deprecated - */ export class AuthorizationParams { @IsOptional() @IsString() diff --git a/apps/server/src/modules/oauth/controller/oauth-sso.controller.spec.ts b/apps/server/src/modules/oauth/controller/oauth-sso.controller.spec.ts index 3d1a470e227..c42eeb22e24 100644 --- a/apps/server/src/modules/oauth/controller/oauth-sso.controller.spec.ts +++ b/apps/server/src/modules/oauth/controller/oauth-sso.controller.spec.ts @@ -8,7 +8,6 @@ import { HydraOauthUc } from '@modules/oauth/uc/hydra-oauth.uc'; import { Request } from 'express'; import { OauthSSOController } from './oauth-sso.controller'; import { StatelessAuthorizationParams } from './dto/stateless-authorization.params'; -import { OauthUc } from '../uc'; describe('OAuthController', () => { let module: TestingModule; @@ -52,10 +51,6 @@ describe('OAuthController', () => { provide: LegacyLogger, useValue: createMock(), }, - { - provide: OauthUc, - useValue: createMock(), - }, { provide: HydraOauthUc, useValue: createMock(), diff --git a/apps/server/src/modules/oauth/controller/oauth-sso.controller.ts b/apps/server/src/modules/oauth/controller/oauth-sso.controller.ts index 5ff7e7cae02..61ed319d1cd 100644 --- a/apps/server/src/modules/oauth/controller/oauth-sso.controller.ts +++ b/apps/server/src/modules/oauth/controller/oauth-sso.controller.ts @@ -1,150 +1,18 @@ -import { Configuration } from '@hpi-schul-cloud/commons/lib'; -import { - Controller, - Get, - InternalServerErrorException, - Param, - Query, - Req, - Res, - Session, - UnauthorizedException, - UnprocessableEntityException, -} from '@nestjs/common'; -import { ApiOkResponse, ApiResponse, ApiTags } from '@nestjs/swagger'; -import { ISession } from '@shared/domain/types/session'; +import { Authenticate, CurrentUser, ICurrentUser } from '@modules/authentication'; +import { Controller, Get, Param, Query, Req, UnauthorizedException } from '@nestjs/common'; +import { ApiTags } from '@nestjs/swagger'; import { LegacyLogger } from '@src/core/logger'; -import { ICurrentUser, Authenticate, CurrentUser, JWT } from '@modules/authentication'; -import { OAuthMigrationError } from '@modules/user-login-migration/error/oauth-migration.error'; -import { MigrationDto } from '@modules/user-login-migration/service/dto'; -import { CookieOptions, Request, Response } from 'express'; -import { HydraOauthUc } from '../uc/hydra-oauth.uc'; -import { UserMigrationResponse } from './dto/user-migration.response'; -import { OAuthSSOError } from '../loggable/oauth-sso.error'; +import { Request } from 'express'; import { OAuthTokenDto } from '../interface'; -import { OauthLoginStateMapper } from '../mapper/oauth-login-state.mapper'; -import { UserMigrationMapper } from '../mapper/user-migration.mapper'; -import { OAuthProcessDto } from '../service/dto'; -import { OauthUc } from '../uc'; -import { OauthLoginStateDto } from '../uc/dto/oauth-login-state.dto'; -import { AuthorizationParams, SSOLoginQuery, SystemIdParams } from './dto'; +import { HydraOauthUc } from '../uc'; +import { AuthorizationParams } from './dto'; import { StatelessAuthorizationParams } from './dto/stateless-authorization.params'; @ApiTags('SSO') @Controller('sso') export class OauthSSOController { - private readonly clientUrl: string; - - constructor( - private readonly oauthUc: OauthUc, - private readonly hydraUc: HydraOauthUc, - private readonly logger: LegacyLogger - ) { + constructor(private readonly hydraUc: HydraOauthUc, private readonly logger: LegacyLogger) { this.logger.setContext(OauthSSOController.name); - this.clientUrl = Configuration.get('HOST') as string; - } - - private errorHandler(error: unknown, session: ISession, res: Response, provider?: string) { - this.logger.error(error); - const ssoError: OAuthSSOError = error instanceof OAuthSSOError ? error : new OAuthSSOError(); - - session.destroy((err) => { - this.logger.log(err); - }); - - const errorRedirect: URL = new URL('/login', this.clientUrl); - errorRedirect.searchParams.append('error', ssoError.errorcode); - - if (provider) { - errorRedirect.searchParams.append('provider', provider); - } - - res.redirect(errorRedirect.toString()); - } - - private migrationErrorHandler(error: unknown, session: ISession, res: Response) { - const migrationError: OAuthMigrationError = - error instanceof OAuthMigrationError ? error : new OAuthMigrationError(); - - session.destroy((err) => { - this.logger.log(err); - }); - - const errorRedirect: URL = new URL('/migration/error', this.clientUrl); - - if (migrationError.officialSchoolNumberFromSource && migrationError.officialSchoolNumberFromTarget) { - errorRedirect.searchParams.append('sourceSchoolNumber', migrationError.officialSchoolNumberFromSource); - errorRedirect.searchParams.append('targetSchoolNumber', migrationError.officialSchoolNumberFromTarget); - } - - res.redirect(errorRedirect.toString()); - } - - private sessionHandler(session: ISession, query: AuthorizationParams): OauthLoginStateDto { - if (!session.oauthLoginState) { - throw new UnauthorizedException('Oauth session not found'); - } - - const oauthLoginState: OauthLoginStateDto = OauthLoginStateMapper.mapSessionToDto(session); - - if (oauthLoginState.state !== query.state) { - throw new UnauthorizedException(`Invalid state. Got: ${query.state} Expected: ${oauthLoginState.state}`); - } - - return oauthLoginState; - } - - @Get('login/:systemId') - async getAuthenticationUrl( - @Session() session: ISession, - @Res() res: Response, - @Param() params: SystemIdParams, - @Query() query: SSOLoginQuery - ): Promise { - try { - const redirect: string = await this.oauthUc.startOauthLogin( - session, - params.systemId, - query.migration || false, - query.postLoginRedirect - ); - - res.redirect(redirect); - } catch (error) { - this.errorHandler(error, session, res); - } - } - - @Get('oauth') - async startOauthAuthorizationCodeFlow( - @Session() session: ISession, - @Res() res: Response, - @Query() query: AuthorizationParams - ): Promise { - const oauthLoginState: OauthLoginStateDto = this.sessionHandler(session, query); - - try { - const oauthProcessDto: OAuthProcessDto = await this.oauthUc.processOAuthLogin( - oauthLoginState, - query.code, - query.error - ); - - if (oauthProcessDto.jwt) { - const cookieDefaultOptions: CookieOptions = { - httpOnly: Configuration.get('COOKIE__HTTP_ONLY') as boolean, - sameSite: Configuration.get('COOKIE__SAME_SITE') as 'lax' | 'strict' | 'none', - secure: Configuration.get('COOKIE__SECURE') as boolean, - expires: new Date(Date.now() + (Configuration.get('COOKIE__EXPIRES_SECONDS') as number)), - }; - - res.cookie('jwt', oauthProcessDto.jwt, cookieDefaultOptions); - } - - res.redirect(oauthProcessDto.redirect); - } catch (error) { - this.errorHandler(error, session, res, oauthLoginState.provider); - } } @Get('hydra/:oauthClientId') @@ -166,7 +34,7 @@ export class OauthSSOController { ): Promise { let jwt: string; const authHeader: string | undefined = req.headers.authorization; - if (authHeader && authHeader.toLowerCase().startsWith('bearer ')) { + if (authHeader?.toLowerCase()?.startsWith('bearer ')) { [, jwt] = authHeader.split(' '); } else { throw new UnauthorizedException( @@ -175,30 +43,4 @@ export class OauthSSOController { } return this.hydraUc.requestAuthCode(currentUser.userId, jwt, oauthClientId); } - - @Get('oauth/migration') - @Authenticate('jwt') - @ApiOkResponse({ description: 'The User has been succesfully migrated.' }) - @ApiResponse({ type: InternalServerErrorException, description: 'The migration of the User was not possible. ' }) - async migrateUser( - @JWT() jwt: string, - @Session() session: ISession, - @CurrentUser() currentUser: ICurrentUser, - @Query() query: AuthorizationParams, - @Res() res: Response - ): Promise { - const oauthLoginState: OauthLoginStateDto = this.sessionHandler(session, query); - - if (!currentUser.systemId) { - throw new UnprocessableEntityException('Current user does not have a system.'); - } - - try { - const migration: MigrationDto = await this.oauthUc.migrate(jwt, currentUser.userId, query, oauthLoginState); - const response: UserMigrationResponse = UserMigrationMapper.mapDtoToResponse(migration); - res.redirect(response.redirect); - } catch (error) { - this.migrationErrorHandler(error, session, res); - } - } } diff --git a/apps/server/src/modules/oauth/mapper/oauth-login-state.mapper.ts b/apps/server/src/modules/oauth/mapper/oauth-login-state.mapper.ts deleted file mode 100644 index 67c1ae8a6ef..00000000000 --- a/apps/server/src/modules/oauth/mapper/oauth-login-state.mapper.ts +++ /dev/null @@ -1,9 +0,0 @@ -import { ISession } from '@shared/domain/types/session'; -import { OauthLoginStateDto } from '../uc/dto/oauth-login-state.dto'; - -export class OauthLoginStateMapper { - static mapSessionToDto(session: ISession): OauthLoginStateDto { - const dto = new OauthLoginStateDto(session.oauthLoginState as OauthLoginStateDto); - return dto; - } -} diff --git a/apps/server/src/modules/oauth/oauth-api.module.ts b/apps/server/src/modules/oauth/oauth-api.module.ts index 98e62d87eca..2efacf66adf 100644 --- a/apps/server/src/modules/oauth/oauth-api.module.ts +++ b/apps/server/src/modules/oauth/oauth-api.module.ts @@ -1,15 +1,15 @@ -import { Module } from '@nestjs/common'; -import { LoggerModule } from '@src/core/logger'; import { AuthenticationModule } from '@modules/authentication/authentication.module'; import { AuthorizationModule } from '@modules/authorization'; -import { ProvisioningModule } from '@modules/provisioning'; import { LegacySchoolModule } from '@modules/legacy-school'; +import { ProvisioningModule } from '@modules/provisioning'; import { SystemModule } from '@modules/system'; import { UserModule } from '@modules/user'; import { UserLoginMigrationModule } from '@modules/user-login-migration'; +import { Module } from '@nestjs/common'; +import { LoggerModule } from '@src/core/logger'; import { OauthSSOController } from './controller/oauth-sso.controller'; import { OauthModule } from './oauth.module'; -import { HydraOauthUc, OauthUc } from './uc'; +import { HydraOauthUc } from './uc'; @Module({ imports: [ @@ -24,6 +24,6 @@ import { HydraOauthUc, OauthUc } from './uc'; LoggerModule, ], controllers: [OauthSSOController], - providers: [OauthUc, HydraOauthUc], + providers: [HydraOauthUc], }) export class OauthApiModule {} diff --git a/apps/server/src/modules/oauth/service/oauth.service.spec.ts b/apps/server/src/modules/oauth/service/oauth.service.spec.ts index 9c4b45582df..1ea2fe5ce07 100644 --- a/apps/server/src/modules/oauth/service/oauth.service.spec.ts +++ b/apps/server/src/modules/oauth/service/oauth.service.spec.ts @@ -1,23 +1,23 @@ import { createMock, DeepMocked } from '@golevelup/ts-jest'; import { Configuration } from '@hpi-schul-cloud/commons'; -import { Test, TestingModule } from '@nestjs/testing'; -import { LegacySchoolDo, OauthConfig, SchoolFeatures, SystemEntity } from '@shared/domain'; -import { UserDO } from '@shared/domain/domainobject/user.do'; -import { SystemProvisioningStrategy } from '@shared/domain/interface/system-provisioning.strategy'; import { DefaultEncryptionService, IEncryptionService, SymetricKeyEncryptionService } from '@infra/encryption'; -import { legacySchoolDoFactory, setupEntities, systemFactory, userDoFactory } from '@shared/testing'; -import { LegacyLogger } from '@src/core/logger'; +import { LegacySchoolService } from '@modules/legacy-school'; import { ProvisioningDto, ProvisioningService } from '@modules/provisioning'; import { ExternalSchoolDto, ExternalUserDto, OauthDataDto, ProvisioningSystemDto } from '@modules/provisioning/dto'; -import { LegacySchoolService } from '@modules/legacy-school'; import { OauthConfigDto } from '@modules/system/service'; import { SystemDto } from '@modules/system/service/dto/system.dto'; import { SystemService } from '@modules/system/service/system.service'; import { UserService } from '@modules/user'; import { MigrationCheckService, UserMigrationService } from '@modules/user-login-migration'; +import { Test, TestingModule } from '@nestjs/testing'; +import { LegacySchoolDo, OauthConfig, SchoolFeatures, SystemEntity } from '@shared/domain'; +import { UserDO } from '@shared/domain/domainobject/user.do'; +import { SystemProvisioningStrategy } from '@shared/domain/interface/system-provisioning.strategy'; +import { legacySchoolDoFactory, setupEntities, systemFactory, userDoFactory } from '@shared/testing'; +import { LegacyLogger } from '@src/core/logger'; import jwt, { JwtPayload } from 'jsonwebtoken'; -import { OAuthSSOError, UserNotFoundAfterProvisioningLoggableException } from '../loggable'; import { OAuthTokenDto } from '../interface'; +import { OAuthSSOError, UserNotFoundAfterProvisioningLoggableException } from '../loggable'; import { OauthTokenResponse } from './dto'; import { OauthAdapterService } from './oauth-adapter.service'; import { OAuthService } from './oauth.service'; @@ -560,80 +560,4 @@ describe('OAuthService', () => { }); }); }); - - describe('getAuthenticationUrl is called', () => { - describe('when a normal authentication url is requested', () => { - it('should return a authentication url', () => { - const oauthConfig: OauthConfig = new OauthConfig({ - clientId: '12345', - clientSecret: 'mocksecret', - tokenEndpoint: 'http://mock.de/mock/auth/public/mockToken', - grantType: 'authorization_code', - redirectUri: 'http://mockhost:3030/api/v3/sso/oauth/testsystemId', - scope: 'openid uuid', - responseType: 'code', - authEndpoint: 'http://mock.de/auth', - provider: 'mock_type', - logoutEndpoint: 'http://mock.de/logout', - issuer: 'mock_issuer', - jwksEndpoint: 'http://mock.de/jwks', - }); - - const result: string = service.getAuthenticationUrl(oauthConfig, 'state', false); - - expect(result).toEqual( - 'http://mock.de/auth?client_id=12345&redirect_uri=https%3A%2F%2Fmock.de%2Fapi%2Fv3%2Fsso%2Foauth&response_type=code&scope=openid+uuid&state=state' - ); - }); - }); - - describe('when a migration authentication url is requested', () => { - it('should return a authentication url', () => { - const oauthConfig: OauthConfig = new OauthConfig({ - clientId: '12345', - clientSecret: 'mocksecret', - tokenEndpoint: 'http://mock.de/mock/auth/public/mockToken', - grantType: 'authorization_code', - redirectUri: 'http://mockhost.de/api/v3/sso/oauth/testsystemId', - scope: 'openid uuid', - responseType: 'code', - authEndpoint: 'http://mock.de/auth', - provider: 'mock_type', - logoutEndpoint: 'http://mock.de/logout', - issuer: 'mock_issuer', - jwksEndpoint: 'http://mock.de/jwks', - }); - - const result: string = service.getAuthenticationUrl(oauthConfig, 'state', true); - - expect(result).toEqual( - 'http://mock.de/auth?client_id=12345&redirect_uri=https%3A%2F%2Fmock.de%2Fapi%2Fv3%2Fsso%2Foauth%2Fmigration&response_type=code&scope=openid+uuid&state=state' - ); - }); - - it('should return add an idp hint if existing authentication url', () => { - const oauthConfig: OauthConfig = new OauthConfig({ - clientId: '12345', - clientSecret: 'mocksecret', - tokenEndpoint: 'http://mock.de/mock/auth/public/mockToken', - grantType: 'authorization_code', - redirectUri: 'http://mockhost.de/api/v3/sso/oauth/testsystemId', - scope: 'openid uuid', - responseType: 'code', - authEndpoint: 'http://mock.de/auth', - provider: 'mock_type', - logoutEndpoint: 'http://mock.de/logout', - issuer: 'mock_issuer', - jwksEndpoint: 'http://mock.de/jwks', - idpHint: 'TheIdpHint', - }); - - const result: string = service.getAuthenticationUrl(oauthConfig, 'state', true); - - expect(result).toEqual( - 'http://mock.de/auth?client_id=12345&redirect_uri=https%3A%2F%2Fmock.de%2Fapi%2Fv3%2Fsso%2Foauth%2Fmigration&response_type=code&scope=openid+uuid&state=state&kc_idp_hint=TheIdpHint' - ); - }); - }); - }); }); diff --git a/apps/server/src/modules/oauth/service/oauth.service.ts b/apps/server/src/modules/oauth/service/oauth.service.ts index 190c962cd97..1f7935d919e 100644 --- a/apps/server/src/modules/oauth/service/oauth.service.ts +++ b/apps/server/src/modules/oauth/service/oauth.service.ts @@ -186,31 +186,6 @@ export class OAuthService { return redirect; } - getAuthenticationUrl(oauthConfig: OauthConfig, state: string, migration: boolean): string { - const redirectUri: string = this.getRedirectUri(migration); - - const authenticationUrl: URL = new URL(oauthConfig.authEndpoint); - authenticationUrl.searchParams.append('client_id', oauthConfig.clientId); - authenticationUrl.searchParams.append('redirect_uri', redirectUri); - authenticationUrl.searchParams.append('response_type', oauthConfig.responseType); - authenticationUrl.searchParams.append('scope', oauthConfig.scope); - authenticationUrl.searchParams.append('state', state); - if (oauthConfig.idpHint) { - authenticationUrl.searchParams.append('kc_idp_hint', oauthConfig.idpHint); - } - - return authenticationUrl.toString(); - } - - getRedirectUri(migration: boolean) { - const publicBackendUrl: string = Configuration.get('PUBLIC_BACKEND_URL') as string; - - const path: string = migration ? 'api/v3/sso/oauth/migration' : 'api/v3/sso/oauth'; - const redirectUri: URL = new URL(path, publicBackendUrl); - - return redirectUri.toString(); - } - private buildTokenRequestPayload( code: string, oauthConfig: OauthConfig, diff --git a/apps/server/src/modules/oauth/uc/dto/oauth-login-state.dto.ts b/apps/server/src/modules/oauth/uc/dto/oauth-login-state.dto.ts deleted file mode 100644 index 10d01b596d2..00000000000 --- a/apps/server/src/modules/oauth/uc/dto/oauth-login-state.dto.ts +++ /dev/null @@ -1,21 +0,0 @@ -import { EntityId } from '@shared/domain'; - -export class OauthLoginStateDto { - state: string; - - systemId: EntityId; - - provider: string; - - postLoginRedirect?: string; - - userLoginMigration: boolean; - - constructor(props: OauthLoginStateDto) { - this.state = props.state; - this.systemId = props.systemId; - this.postLoginRedirect = props.postLoginRedirect; - this.provider = props.provider; - this.userLoginMigration = props.userLoginMigration; - } -} diff --git a/apps/server/src/modules/oauth/uc/hydra-oauth.uc.spec.ts b/apps/server/src/modules/oauth/uc/hydra-oauth.uc.spec.ts index 3d42b0e977f..339bc6c09d9 100644 --- a/apps/server/src/modules/oauth/uc/hydra-oauth.uc.spec.ts +++ b/apps/server/src/modules/oauth/uc/hydra-oauth.uc.spec.ts @@ -13,7 +13,7 @@ import { AxiosResponse } from 'axios'; import { HydraOauthUc } from '.'; import { AuthorizationParams } from '../controller/dto'; import { StatelessAuthorizationParams } from '../controller/dto/stateless-authorization.params'; -import { OAuthSSOError } from '../loggable/oauth-sso.error'; +import { OAuthSSOError } from '../loggable'; import { OAuthTokenDto } from '../interface'; class HydraOauthUcSpec extends HydraOauthUc { diff --git a/apps/server/src/modules/oauth/uc/hydra-oauth.uc.ts b/apps/server/src/modules/oauth/uc/hydra-oauth.uc.ts index 905cd3c8802..2c461e6db4d 100644 --- a/apps/server/src/modules/oauth/uc/hydra-oauth.uc.ts +++ b/apps/server/src/modules/oauth/uc/hydra-oauth.uc.ts @@ -1,12 +1,11 @@ -import { Configuration } from '@hpi-schul-cloud/commons/lib'; +import { HydraRedirectDto } from '@modules/oauth/service/dto/hydra.redirect.dto'; import { Injectable, InternalServerErrorException } from '@nestjs/common'; import { OauthConfig } from '@shared/domain'; import { LegacyLogger } from '@src/core/logger'; -import { HydraRedirectDto } from '@modules/oauth/service/dto/hydra.redirect.dto'; import { AxiosRequestConfig, AxiosResponse } from 'axios'; import { AuthorizationParams } from '../controller/dto'; -import { OAuthSSOError } from '../loggable/oauth-sso.error'; import { OAuthTokenDto } from '../interface'; +import { OAuthSSOError } from '../loggable'; import { HydraSsoService } from '../service/hydra.service'; import { OAuthService } from '../service/oauth.service'; @@ -22,8 +21,6 @@ export class HydraOauthUc { private readonly MAX_REDIRECTS: number = 10; - private readonly HYDRA_PUBLIC_URI: string = Configuration.get('HYDRA_PUBLIC_URI') as string; - async getOauthToken(oauthClientId: string, code?: string, error?: string): Promise { if (error || !code) { throw new OAuthSSOError( diff --git a/apps/server/src/modules/oauth/uc/index.ts b/apps/server/src/modules/oauth/uc/index.ts index 32e4dce0f74..e1a569e5f88 100644 --- a/apps/server/src/modules/oauth/uc/index.ts +++ b/apps/server/src/modules/oauth/uc/index.ts @@ -1,2 +1 @@ -export * from './oauth.uc'; export * from './hydra-oauth.uc'; diff --git a/apps/server/src/modules/oauth/uc/oauth.uc.spec.ts b/apps/server/src/modules/oauth/uc/oauth.uc.spec.ts deleted file mode 100644 index 1e888abd5f1..00000000000 --- a/apps/server/src/modules/oauth/uc/oauth.uc.spec.ts +++ /dev/null @@ -1,923 +0,0 @@ -import { createMock, DeepMocked } from '@golevelup/ts-jest'; -import { AuthenticationService } from '@modules/authentication/services/authentication.service'; -import { LegacySchoolService } from '@modules/legacy-school'; -import { OauthUc } from '@modules/oauth/uc/oauth.uc'; -import { ProvisioningService } from '@modules/provisioning'; -import { ExternalUserDto, OauthDataDto, ProvisioningSystemDto } from '@modules/provisioning/dto'; -import { SystemService } from '@modules/system'; -import { OauthConfigDto, SystemDto } from '@modules/system/service'; -import { UserService } from '@modules/user'; -import { UserMigrationService } from '@modules/user-login-migration'; -import { OAuthMigrationError } from '@modules/user-login-migration/error/oauth-migration.error'; -import { SchoolMigrationService } from '@modules/user-login-migration/service'; -import { MigrationDto } from '@modules/user-login-migration/service/dto'; -import { UnauthorizedException, UnprocessableEntityException } from '@nestjs/common'; -import { Test, TestingModule } from '@nestjs/testing'; -import { LegacySchoolDo, UserDO } from '@shared/domain'; -import { SystemProvisioningStrategy } from '@shared/domain/interface/system-provisioning.strategy'; -import { ISession } from '@shared/domain/types/session'; -import { legacySchoolDoFactory, setupEntities } from '@shared/testing'; -import { LegacyLogger } from '@src/core/logger'; -import { OauthCurrentUser } from '@modules/authentication/interface'; -import { AuthorizationParams } from '../controller/dto'; -import { OAuthTokenDto } from '../interface'; -import { OAuthSSOError } from '../loggable/oauth-sso.error'; -import { OAuthProcessDto } from '../service/dto'; -import { OAuthService } from '../service/oauth.service'; -import { OauthLoginStateDto } from './dto/oauth-login-state.dto'; -import resetAllMocks = jest.resetAllMocks; - -jest.mock('nanoid', () => { - return { - nanoid: () => 'mockNanoId', - }; -}); - -describe('OAuthUc', () => { - let module: TestingModule; - let uc: OauthUc; - - let authenticationService: DeepMocked; - let oauthService: DeepMocked; - let systemService: DeepMocked; - let provisioningService: DeepMocked; - let userMigrationService: DeepMocked; - let userService: DeepMocked; - let schoolMigrationService: DeepMocked; - - beforeAll(async () => { - await setupEntities(); - - module = await Test.createTestingModule({ - providers: [ - OauthUc, - { - provide: LegacyLogger, - useValue: createMock(), - }, - { - provide: SystemService, - useValue: createMock(), - }, - { - provide: OAuthService, - useValue: createMock(), - }, - { - provide: AuthenticationService, - useValue: createMock(), - }, - { - provide: ProvisioningService, - useValue: createMock(), - }, - { - provide: UserService, - useValue: createMock(), - }, - { - provide: LegacySchoolService, - useValue: createMock(), - }, - { - provide: UserMigrationService, - useValue: createMock(), - }, - { - provide: SchoolMigrationService, - useValue: createMock(), - }, - { - provide: AuthenticationService, - useValue: createMock(), - }, - ], - }).compile(); - - uc = module.get(OauthUc); - systemService = module.get(SystemService); - authenticationService = module.get(AuthenticationService); - oauthService = module.get(OAuthService); - provisioningService = module.get(ProvisioningService); - userService = module.get(UserService); - userMigrationService = module.get(UserMigrationService); - schoolMigrationService = module.get(SchoolMigrationService); - authenticationService = module.get(AuthenticationService); - }); - - afterAll(async () => { - await module.close(); - }); - - afterEach(() => { - resetAllMocks(); - }); - - const createOAuthTestData = () => { - const oauthConfig: OauthConfigDto = new OauthConfigDto({ - clientId: '12345', - clientSecret: 'mocksecret', - tokenEndpoint: 'https://mock.de/mock/auth/public/mockToken', - grantType: 'authorization_code', - scope: 'openid uuid', - responseType: 'code', - authEndpoint: 'mock_authEndpoint', - provider: 'mock_provider', - logoutEndpoint: 'mock_logoutEndpoint', - issuer: 'mock_issuer', - jwksEndpoint: 'mock_jwksEndpoint', - redirectUri: 'mock_codeRedirectUri', - }); - const system: SystemDto = new SystemDto({ - id: 'systemId', - type: 'oauth', - oauthConfig, - }); - - return { - system, - systemId: system.id as string, - oauthConfig, - }; - }; - - describe('startOauthLogin', () => { - describe('when starting an oauth login without migration', () => { - const setup = () => { - const { system, systemId } = createOAuthTestData(); - - const session: DeepMocked = createMock(); - const authenticationUrl = 'authenticationUrl'; - - systemService.findById.mockResolvedValue(system); - oauthService.getAuthenticationUrl.mockReturnValue(authenticationUrl); - - return { - systemId, - session, - authenticationUrl, - }; - }; - - it('should return the authentication url for the system', async () => { - const { systemId, session, authenticationUrl } = setup(); - - const result: string = await uc.startOauthLogin(session, systemId, false); - - expect(result).toEqual(authenticationUrl); - }); - }); - - describe('when starting an oauth login during a migration', () => { - const setup = () => { - const { system, systemId } = createOAuthTestData(); - - const session: DeepMocked = createMock(); - const authenticationUrl = 'authenticationUrl'; - const postLoginRedirect = 'postLoginRedirect'; - - systemService.findById.mockResolvedValue(system); - oauthService.getAuthenticationUrl.mockReturnValue(authenticationUrl); - - return { - system, - systemId, - postLoginRedirect, - session, - }; - }; - - it('should save data to the session', async () => { - const { systemId, system, session, postLoginRedirect } = setup(); - - await uc.startOauthLogin(session, systemId, false, postLoginRedirect); - - expect(session.oauthLoginState).toEqual({ - systemId, - state: 'mockNanoId', - postLoginRedirect, - provider: system.oauthConfig?.provider as string, - userLoginMigration: false, - }); - }); - }); - - describe('when the system cannot be found', () => { - const setup = () => { - const { systemId, system } = createOAuthTestData(); - system.oauthConfig = undefined; - const session: DeepMocked = createMock(); - const authenticationUrl = 'authenticationUrl'; - - systemService.findById.mockResolvedValue(system); - oauthService.getAuthenticationUrl.mockReturnValue(authenticationUrl); - - return { - systemId, - session, - authenticationUrl, - }; - }; - - it('should throw UnprocessableEntityException', async () => { - const { systemId, session } = setup(); - - const func = async () => uc.startOauthLogin(session, systemId, false); - - await expect(func).rejects.toThrow(UnprocessableEntityException); - }); - }); - }); - - describe('processOAuth', () => { - const setup = () => { - const postLoginRedirect = 'postLoginRedirect'; - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - postLoginRedirect, - provider: 'mock_provider', - userLoginMigration: false, - }); - const code = 'code'; - const error = 'error'; - - const jwt = 'schulcloudJwt'; - const redirect = 'redirect'; - const user: UserDO = new UserDO({ - id: 'mockUserId', - firstName: 'firstName', - lastName: 'lastame', - email: '', - roles: [], - schoolId: 'mockSchoolId', - externalId: 'mockExternalId', - }); - - const currentUser: OauthCurrentUser = { userId: 'userId', isExternalUser: true } as OauthCurrentUser; - const testSystem: SystemDto = new SystemDto({ - id: 'mockSystemId', - type: 'mock', - oauthConfig: { provider: 'testProvider' } as OauthConfigDto, - }); - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - return { cachedState, code, error, jwt, redirect, user, currentUser, testSystem, tokenDto }; - }; - - describe('when a user is returned', () => { - it('should return a response with a valid jwt', async () => { - const { cachedState, code, error, jwt, redirect, user, currentUser, tokenDto } = setup(); - - userService.getResolvedUser.mockResolvedValue(currentUser); - authenticationService.generateJwt.mockResolvedValue({ accessToken: jwt }); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - oauthService.provisionUser.mockResolvedValue({ user, redirect }); - - const response: OAuthProcessDto = await uc.processOAuthLogin(cachedState, code, error); - expect(response).toEqual( - expect.objectContaining({ - jwt, - redirect, - }) - ); - }); - }); - - describe('when no user is returned', () => { - it('should return a response without a jwt', async () => { - const { cachedState, code, error, redirect, tokenDto } = setup(); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - oauthService.provisionUser.mockResolvedValue({ redirect }); - - const response: OAuthProcessDto = await uc.processOAuthLogin(cachedState, code, error); - - expect(response).toEqual({ - redirect, - }); - }); - }); - - describe('when an error occurs', () => { - it('should return an OAuthProcessDto with error', async () => { - const { cachedState, code, error, testSystem } = setup(); - oauthService.authenticateUser.mockRejectedValue(new OAuthSSOError('Testmessage')); - systemService.findById.mockResolvedValue(testSystem); - - const response = uc.processOAuthLogin(cachedState, code, error); - - await expect(response).rejects.toThrow(OAuthSSOError); - }); - }); - - describe('when the process runs successfully', () => { - it('should return a valid jwt', async () => { - const { cachedState, code, user, currentUser, jwt, redirect, tokenDto } = setup(); - - userService.getResolvedUser.mockResolvedValue(currentUser); - authenticationService.generateJwt.mockResolvedValue({ accessToken: jwt }); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - oauthService.provisionUser.mockResolvedValue({ user, redirect }); - - const response: OAuthProcessDto = await uc.processOAuthLogin(cachedState, code); - - expect(response).toEqual({ - jwt, - redirect, - }); - }); - }); - }); - - describe('migration', () => { - describe('migrate', () => { - describe('when authorize user and migration was successful', () => { - const setupMigration = () => { - const code = '43534543jnj543342jn2'; - - const query: AuthorizationParams = { code, state: 'state' }; - - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - provider: 'mock_provider', - userLoginMigration: true, - }); - - const oauthConfig: OauthConfigDto = new OauthConfigDto({ - clientId: '12345', - clientSecret: 'mocksecret', - tokenEndpoint: 'https://mock.de/mock/auth/public/mockToken', - grantType: 'authorization_code', - scope: 'openid uuid', - responseType: 'code', - authEndpoint: 'mock_authEndpoint', - provider: 'mock_provider', - logoutEndpoint: 'mock_logoutEndpoint', - issuer: 'mock_issuer', - jwksEndpoint: 'mock_jwksEndpoint', - redirectUri: 'mock_codeRedirectUri', - }); - - const system: SystemDto = new SystemDto({ - id: 'systemId', - type: 'oauth', - oauthConfig, - }); - - const externalUserId = 'externalUserId'; - - const oauthData: OauthDataDto = new OauthDataDto({ - system: new ProvisioningSystemDto({ - systemId: 'systemId', - provisioningStrategy: SystemProvisioningStrategy.SANIS, - }), - externalUser: new ExternalUserDto({ - externalId: externalUserId, - }), - }); - - const userMigrationDto: MigrationDto = new MigrationDto({ - redirect: 'https://mock.de/migration/succeed', - }); - - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - oauthService.requestToken.mockResolvedValue(tokenDto); - provisioningService.getData.mockResolvedValue(oauthData); - systemService.findById.mockResolvedValue(system); - userMigrationService.migrateUser.mockResolvedValue(userMigrationDto); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - - return { - query, - cachedState, - }; - }; - - it('should return redirect to migration succeed page', async () => { - const { query, cachedState } = setupMigration(); - - const result: MigrationDto = await uc.migrate('jwt', 'currentUserId', query, cachedState); - - expect(result.redirect).toStrictEqual('https://mock.de/migration/succeed'); - }); - - it('should remove the jwt from the whitelist', async () => { - const { query, cachedState } = setupMigration(); - - await uc.migrate('jwt', 'currentUserId', query, cachedState); - - expect(authenticationService.removeJwtFromWhitelist).toHaveBeenCalledWith('jwt'); - }); - }); - - describe('when the jwt cannot be removed', () => { - const setupMigration = () => { - const code = '43534543jnj543342jn2'; - - const query: AuthorizationParams = { code, state: 'state' }; - - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - provider: 'mock_provider', - userLoginMigration: true, - }); - - const oauthConfig: OauthConfigDto = new OauthConfigDto({ - clientId: '12345', - clientSecret: 'mocksecret', - tokenEndpoint: 'https://mock.de/mock/auth/public/mockToken', - grantType: 'authorization_code', - scope: 'openid uuid', - responseType: 'code', - authEndpoint: 'mock_authEndpoint', - provider: 'mock_provider', - logoutEndpoint: 'mock_logoutEndpoint', - issuer: 'mock_issuer', - jwksEndpoint: 'mock_jwksEndpoint', - redirectUri: 'mock_codeRedirectUri', - }); - - const system: SystemDto = new SystemDto({ - id: 'systemId', - type: 'oauth', - oauthConfig, - }); - - const externalUserId = 'externalUserId'; - - const oauthData: OauthDataDto = new OauthDataDto({ - system: new ProvisioningSystemDto({ - systemId: 'systemId', - provisioningStrategy: SystemProvisioningStrategy.SANIS, - }), - externalUser: new ExternalUserDto({ - externalId: externalUserId, - }), - }); - - const userMigrationDto: MigrationDto = new MigrationDto({ - redirect: 'https://mock.de/migration/succeed', - }); - - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - oauthService.requestToken.mockResolvedValue(tokenDto); - provisioningService.getData.mockResolvedValue(oauthData); - - const error: Error = new Error('testError'); - systemService.findById.mockResolvedValue(system); - userMigrationService.migrateUser.mockResolvedValue(userMigrationDto); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - authenticationService.removeJwtFromWhitelist.mockRejectedValue(error); - - return { - query, - cachedState, - error, - }; - }; - - it('should throw', async () => { - const { query, error, cachedState } = setupMigration(); - - const func = () => uc.migrate('jwt', 'currentUserId', query, cachedState); - - await expect(func).rejects.toThrow(error); - }); - }); - - describe('when migration failed', () => { - const setupMigration = () => { - const code = '43534543jnj543342jn2'; - - const query: AuthorizationParams = { code, state: 'state' }; - - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - provider: 'mock_provider', - userLoginMigration: true, - }); - - const externalUserId = 'externalUserId'; - - const oauthData: OauthDataDto = new OauthDataDto({ - system: new ProvisioningSystemDto({ - systemId: 'systemId', - provisioningStrategy: SystemProvisioningStrategy.SANIS, - }), - externalUser: new ExternalUserDto({ - externalId: externalUserId, - }), - }); - - const userMigrationFailedDto: MigrationDto = new MigrationDto({ - redirect: 'https://mock.de/dashboard', - }); - - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - oauthService.requestToken.mockResolvedValue(tokenDto); - provisioningService.getData.mockResolvedValue(oauthData); - userMigrationService.migrateUser.mockResolvedValue(userMigrationFailedDto); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - - return { - query, - cachedState, - }; - }; - - it('should return redirect to dashboard ', async () => { - const { query, cachedState } = setupMigration(); - - const result: MigrationDto = await uc.migrate('jwt', 'currentUserId', query, cachedState); - - expect(result.redirect).toStrictEqual('https://mock.de/dashboard'); - }); - }); - - describe('when external school and official school number is defined ', () => { - const setupMigration = () => { - const code = '43534543jnj543342jn2'; - - const query: AuthorizationParams = { code, state: 'state' }; - - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - provider: 'mock_provider', - userLoginMigration: true, - }); - - const externalUserId = 'externalUserId'; - - const oauthData: OauthDataDto = new OauthDataDto({ - system: new ProvisioningSystemDto({ - systemId: 'systemId', - provisioningStrategy: SystemProvisioningStrategy.SANIS, - }), - externalUser: new ExternalUserDto({ - externalId: externalUserId, - }), - externalSchool: { - externalId: 'mockId', - officialSchoolNumber: 'mockNumber', - name: 'mockName', - }, - }); - - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - oauthService.requestToken.mockResolvedValue(tokenDto); - provisioningService.getData.mockResolvedValue(oauthData); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - - return { - query, - cachedState, - oauthData, - }; - }; - - it('should call schoolToMigrate', async () => { - const { oauthData, query, cachedState } = setupMigration(); - - await uc.migrate('jwt', 'currentUserId', query, cachedState); - - expect(schoolMigrationService.schoolToMigrate).toHaveBeenCalledWith( - 'currentUserId', - oauthData.externalSchool?.externalId, - oauthData.externalSchool?.officialSchoolNumber - ); - }); - }); - - describe('when external school and official school number is defined and school has to be migrated', () => { - const setupMigration = () => { - const code = '43534543jnj543342jn2'; - - const query: AuthorizationParams = { code, state: 'state' }; - - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - provider: 'mock_provider', - userLoginMigration: true, - }); - - const externalUserId = 'externalUserId'; - - const oauthData: OauthDataDto = new OauthDataDto({ - system: new ProvisioningSystemDto({ - systemId: 'systemId', - provisioningStrategy: SystemProvisioningStrategy.SANIS, - }), - externalUser: new ExternalUserDto({ - externalId: externalUserId, - }), - externalSchool: { - externalId: 'mockId', - officialSchoolNumber: 'mockNumber', - name: 'mockName', - }, - }); - - const userMigrationDto: MigrationDto = new MigrationDto({ - redirect: 'https://mock.de/migration/succeed', - }); - - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - oauthService.requestToken.mockResolvedValue(tokenDto); - provisioningService.getData.mockResolvedValue(oauthData); - const schoolToMigrate: LegacySchoolDo | void = legacySchoolDoFactory.build({ name: 'mockName' }); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - schoolMigrationService.schoolToMigrate.mockResolvedValue(schoolToMigrate); - userMigrationService.migrateUser.mockResolvedValue(userMigrationDto); - - return { - query, - cachedState, - oauthData, - schoolToMigrate, - }; - }; - - it('should call migrateSchool', async () => { - const { oauthData, query, cachedState, schoolToMigrate } = setupMigration(); - - await uc.migrate('jwt', 'currentUserId', query, cachedState); - - expect(schoolMigrationService.migrateSchool).toHaveBeenCalledWith( - oauthData.externalSchool?.externalId, - schoolToMigrate, - 'systemId' - ); - }); - }); - - describe('when external school and official school number is defined and school is already migrated', () => { - const setupMigration = () => { - const code = '43534543jnj543342jn2'; - - const query: AuthorizationParams = { code, state: 'state' }; - - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - provider: 'mock_provider', - userLoginMigration: true, - }); - - const externalUserId = 'externalUserId'; - - const oauthData: OauthDataDto = new OauthDataDto({ - system: new ProvisioningSystemDto({ - systemId: 'systemId', - provisioningStrategy: SystemProvisioningStrategy.SANIS, - }), - externalUser: new ExternalUserDto({ - externalId: externalUserId, - }), - externalSchool: { - externalId: 'mockId', - officialSchoolNumber: 'mockNumber', - name: 'mockName', - }, - }); - - const userMigrationDto: MigrationDto = new MigrationDto({ - redirect: 'https://mock.de/migration/succeed', - }); - - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - oauthService.requestToken.mockResolvedValue(tokenDto); - provisioningService.getData.mockResolvedValue(oauthData); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - schoolMigrationService.schoolToMigrate.mockResolvedValue(null); - userMigrationService.migrateUser.mockResolvedValue(userMigrationDto); - - return { - query, - cachedState, - }; - }; - - it('should not call migrateSchool', async () => { - const { query, cachedState } = setupMigration(); - - await uc.migrate('jwt', 'currentUserId', query, cachedState); - - expect(schoolMigrationService.migrateSchool).not.toHaveBeenCalled(); - }); - }); - - describe('when external school is not defined', () => { - const setupMigration = () => { - const code = '43534543jnj543342jn2'; - - const query: AuthorizationParams = { code, state: 'state' }; - - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - provider: 'mock_provider', - userLoginMigration: true, - }); - - const externalUserId = 'externalUserId'; - - const oauthData: OauthDataDto = new OauthDataDto({ - system: new ProvisioningSystemDto({ - systemId: 'systemId', - provisioningStrategy: SystemProvisioningStrategy.SANIS, - }), - externalUser: new ExternalUserDto({ - externalId: externalUserId, - }), - }); - - const userMigrationDto: MigrationDto = new MigrationDto({ - redirect: 'https://mock.de/migration/succeed', - }); - - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - oauthService.authenticateUser.mockResolvedValue(tokenDto); - userMigrationService.migrateUser.mockResolvedValue(userMigrationDto); - oauthService.requestToken.mockResolvedValue(tokenDto); - provisioningService.getData.mockResolvedValue(oauthData); - - return { - query, - cachedState, - }; - }; - - it('should not call schoolToMigrate', async () => { - const { query, cachedState } = setupMigration(); - - await uc.migrate('jwt', 'currentUserId', query, cachedState); - - expect(schoolMigrationService.schoolToMigrate).not.toHaveBeenCalled(); - }); - }); - - describe('when official school number is not defined', () => { - const setupMigration = () => { - const code = '43534543jnj543342jn2'; - - const query: AuthorizationParams = { code, state: 'state' }; - - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - provider: 'mock_provider', - userLoginMigration: true, - }); - - const externalUserId = 'externalUserId'; - - const oauthData: OauthDataDto = new OauthDataDto({ - system: new ProvisioningSystemDto({ - systemId: 'systemId', - provisioningStrategy: SystemProvisioningStrategy.SANIS, - }), - externalUser: new ExternalUserDto({ - externalId: externalUserId, - }), - externalSchool: { - externalId: 'mockId', - name: 'mockName', - }, - }); - - const userMigrationDto: MigrationDto = new MigrationDto({ - redirect: 'https://mock.de/migration/succeed', - }); - - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - const error = new OAuthMigrationError( - 'Official school number from target migration system is missing', - 'ext_official_school_number_missing' - ); - - oauthService.requestToken.mockResolvedValue(tokenDto); - provisioningService.getData.mockResolvedValue(oauthData); - oauthService.authenticateUser.mockResolvedValue(tokenDto); - schoolMigrationService.schoolToMigrate.mockImplementation(() => { - throw error; - }); - userMigrationService.migrateUser.mockResolvedValue(userMigrationDto); - - return { - query, - cachedState, - error, - }; - }; - - it('should throw OAuthMigrationError', async () => { - const { query, cachedState, error } = setupMigration(); - - await expect(uc.migrate('jwt', 'currentUserId', query, cachedState)).rejects.toThrow(error); - }); - }); - }); - - describe('when state is mismatched', () => { - const setupMigration = () => { - const cachedState: OauthLoginStateDto = new OauthLoginStateDto({ - state: 'state', - systemId: 'systemId', - provider: 'mock_provider', - userLoginMigration: true, - }); - - const query: AuthorizationParams = { state: 'failedState' }; - - const externalUserId = 'externalUserId'; - - const oauthData: OauthDataDto = new OauthDataDto({ - system: new ProvisioningSystemDto({ - systemId: 'systemId', - provisioningStrategy: SystemProvisioningStrategy.SANIS, - }), - externalUser: new ExternalUserDto({ - externalId: externalUserId, - }), - }); - - const userMigrationDto: MigrationDto = new MigrationDto({ - redirect: 'https://mock.de/migration/succeed', - }); - - const tokenDto: OAuthTokenDto = new OAuthTokenDto({ - idToken: 'idToken', - refreshToken: 'refreshToken', - accessToken: 'accessToken', - }); - - oauthService.authenticateUser.mockResolvedValue(tokenDto); - userMigrationService.migrateUser.mockResolvedValue(userMigrationDto); - oauthService.requestToken.mockResolvedValue(tokenDto); - provisioningService.getData.mockResolvedValue(oauthData); - - return { - cachedState, - query, - }; - }; - - it('should throw an UnauthorizedException', async () => { - const { cachedState, query } = setupMigration(); - - const response = uc.migrate('jwt', 'currentUserId', query, cachedState); - - await expect(response).rejects.toThrow(UnauthorizedException); - }); - }); - }); -}); diff --git a/apps/server/src/modules/oauth/uc/oauth.uc.ts b/apps/server/src/modules/oauth/uc/oauth.uc.ts deleted file mode 100644 index c495e7be05d..00000000000 --- a/apps/server/src/modules/oauth/uc/oauth.uc.ts +++ /dev/null @@ -1,149 +0,0 @@ -import { Injectable, UnauthorizedException, UnprocessableEntityException } from '@nestjs/common'; -import { EntityId, LegacySchoolDo, UserDO } from '@shared/domain'; -import { ISession } from '@shared/domain/types/session'; -import { LegacyLogger } from '@src/core/logger'; -import { AuthenticationService } from '@modules/authentication/services/authentication.service'; -import { ProvisioningService } from '@modules/provisioning'; -import { OauthDataDto } from '@modules/provisioning/dto'; -import { SystemService } from '@modules/system'; -import { SystemDto } from '@modules/system/service/dto/system.dto'; -import { UserService } from '@modules/user'; -import { UserMigrationService } from '@modules/user-login-migration'; -import { SchoolMigrationService } from '@modules/user-login-migration/service'; -import { MigrationDto } from '@modules/user-login-migration/service/dto'; -import { nanoid } from 'nanoid'; -import { OauthCurrentUser } from '@modules/authentication/interface'; -import { AuthorizationParams } from '../controller/dto'; -import { OAuthTokenDto } from '../interface'; -import { OAuthProcessDto } from '../service/dto'; -import { OAuthService } from '../service/oauth.service'; -import { OauthLoginStateDto } from './dto/oauth-login-state.dto'; - -/** - * @deprecated remove after login via oauth moved to authentication module - */ -@Injectable() -export class OauthUc { - constructor( - private readonly oauthService: OAuthService, - private readonly authenticationService: AuthenticationService, - private readonly systemService: SystemService, - private readonly provisioningService: ProvisioningService, - private readonly userService: UserService, - private readonly userMigrationService: UserMigrationService, - private readonly schoolMigrationService: SchoolMigrationService, - private readonly logger: LegacyLogger - ) { - this.logger.setContext(OauthUc.name); - } - - async startOauthLogin( - session: ISession, - systemId: EntityId, - migration: boolean, - postLoginRedirect?: string - ): Promise { - const state = nanoid(16); - - const system: SystemDto = await this.systemService.findById(systemId); - if (!system.oauthConfig) { - throw new UnprocessableEntityException(`Requested system ${systemId} has no oauth configured`); - } - - const authenticationUrl: string = this.oauthService.getAuthenticationUrl(system.oauthConfig, state, migration); - - session.oauthLoginState = new OauthLoginStateDto({ - state, - systemId, - provider: system.oauthConfig.provider, - postLoginRedirect, - userLoginMigration: migration, - }); - - return authenticationUrl; - } - - async processOAuthLogin(cachedState: OauthLoginStateDto, code?: string, error?: string): Promise { - const { state, systemId, postLoginRedirect, userLoginMigration } = cachedState; - - this.logger.debug(`Oauth login process started. [state: ${state}, system: ${systemId}]`); - - const redirectUri: string = this.oauthService.getRedirectUri(userLoginMigration); - - const tokenDto: OAuthTokenDto = await this.oauthService.authenticateUser(systemId, redirectUri, code, error); - - const { user, redirect }: { user?: UserDO; redirect: string } = await this.oauthService.provisionUser( - systemId, - tokenDto.idToken, - tokenDto.accessToken, - postLoginRedirect - ); - - this.logger.debug(`Generating jwt for user. [state: ${state}, system: ${systemId}]`); - - let jwt: string | undefined; - if (user && user.id) { - jwt = await this.getJwtForUser(user.id); - } - - const response = new OAuthProcessDto({ - jwt, - redirect, - }); - - return response; - } - - async migrate( - userJwt: string, - currentUserId: string, - query: AuthorizationParams, - cachedState: OauthLoginStateDto - ): Promise { - const { state, systemId, userLoginMigration } = cachedState; - - if (state !== query.state) { - throw new UnauthorizedException(`Invalid state. Got: ${query.state} Expected: ${state}`); - } - - const redirectUri: string = this.oauthService.getRedirectUri(userLoginMigration); - - const tokenDto: OAuthTokenDto = await this.oauthService.authenticateUser( - systemId, - redirectUri, - query.code, - query.error - ); - - const data: OauthDataDto = await this.provisioningService.getData(systemId, tokenDto.idToken, tokenDto.accessToken); - - if (data.externalSchool) { - const schoolToMigrate: LegacySchoolDo | null = await this.schoolMigrationService.schoolToMigrate( - currentUserId, - data.externalSchool.externalId, - data.externalSchool.officialSchoolNumber - ); - if (schoolToMigrate) { - await this.schoolMigrationService.migrateSchool(data.externalSchool.externalId, schoolToMigrate, systemId); - } - } - - const migrationDto: MigrationDto = await this.userMigrationService.migrateUser( - currentUserId, - data.externalUser.externalId, - systemId - ); - - await this.authenticationService.removeJwtFromWhitelist(userJwt); - - return migrationDto; - } - - private async getJwtForUser(userId: EntityId): Promise { - const oauthCurrentUser: OauthCurrentUser = await this.userService.getResolvedUser(userId); - - const { accessToken } = await this.authenticationService.generateJwt(oauthCurrentUser); - - return accessToken; - } -} diff --git a/config/default.schema.json b/config/default.schema.json index bd637b719e9..ae43648f3ea 100644 --- a/config/default.schema.json +++ b/config/default.schema.json @@ -1272,11 +1272,6 @@ "default": false, "description": "Makes the new school administration page the default page" }, - "FEATURE_CLIENT_USER_LOGIN_MIGRATION_ENABLED": { - "type": "boolean", - "default": false, - "description": "Changes the schulcloud client to use new login endpoints" - }, "FEATURE_CTL_TOOLS_TAB_ENABLED": { "type": "boolean", "default": false, diff --git a/src/services/config/publicAppConfigService.js b/src/services/config/publicAppConfigService.js index 06a54c6cf96..62615f0efb1 100644 --- a/src/services/config/publicAppConfigService.js +++ b/src/services/config/publicAppConfigService.js @@ -56,7 +56,6 @@ const exposedVars = [ 'FEATURE_ALLOW_INSECURE_LDAP_URL_ENABLED', 'FEATURE_NEW_SCHOOL_ADMINISTRATION_PAGE_AS_DEFAULT_ENABLED', 'MIGRATION_END_GRACE_PERIOD_MS', - 'FEATURE_CLIENT_USER_LOGIN_MIGRATION_ENABLED', 'FEATURE_CTL_TOOLS_TAB_ENABLED', 'FEATURE_LTI_TOOLS_TAB_ENABLED', 'FILES_STORAGE__MAX_FILE_SIZE',