Fix a bug with idp imports where imports did not include redirectAfte…
…rFormPostURI
phalestrivir authored and vscheuber committed Jan 21, 2025
1 parent bd4b9a4 commit ce3044f
Showing 11 changed files with 338 additions and 186 deletions.
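--- a/src/api/ServiceApi.ts
+++ b/src/api/ServiceApi.ts
@@ -190,6 +190,14 @@ export async function putServiceNextDescendent({
 globalConfig?: boolean;
 state: State;
 }): Promise<ServiceNextDescendent> {
+// If performing an update (not create), idp updates will throw an HTTP 500 error unless the redirectAfterFormPostURI attribute has a value.
+// If no redirectAfterFormPostURI is provided, importing with an empty string as its value will perform the same function without the 500 error.
+if (
+serviceId === 'SocialIdentityProviders' &&
+serviceNextDescendentData.redirectAfterFormPostURI === undefined
+) {
+serviceNextDescendentData.redirectAfterFormPostURI = '';
+}
 const urlString = util.format(
 serviceURLNextDescendentTemplate,
 state.getHost(),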
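Review bot: The added guard in putServiceNextDescendent assigns `redirectAfterFormPostURI = ''` directly on the caller's `serviceNextDescendentData`, so the object passed in by an import is changed as a side effect, and the `=== undefined` test lets an explicit `null` through, which presumably still hits the HTTP 500 the comment describes. Testing with `== null` and applying the default to a shallow copy (`{ ...serviceNextDescendentData, redirectAfterFormPostURI: '' }`) would cover both; the rest of the function body is outside the hunk, so where the payload is consumed is not visible here. The same in-place default is added to putProviderByTypeAndId in src/api/SocialIdentityProvidersApi.ts, and the two copies of the workaround would be easier to keep in step as one shared helper. Because this attribute is a redirect target in the IdP flow and the guard runs on creates as well as updates, the comment should say that the tool now always sends the key, so an operator comparing an export with the server configuration knows where the empty value came from.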
39 changes: 32 additions & 7 deletions src/api/SocialIdentityProvidersApi.ts
@@ -3,11 +3,7 @@ import util from 'util';
import { State } from '../shared/State';
import { getCurrentRealmPath } from '../utils/ForgeRockUtils';
import { deleteDeepByKey } from '../utils/JsonUtils';
import {
type AmConfigEntityInterface,
type NoIdObjectSkeletonInterface,
type PagedResult,
} from './ApiTypes';
import { type AmConfigEntityInterface, type PagedResult } from './ApiTypes';
import { generateAmApi } from './BaseApi';

const getAllProviderTypesURLTemplate =
@@ -26,8 +22,32 @@ const getApiConfig = () => {
};

export type SocialIdpSkeleton = AmConfigEntityInterface & {
authenticationIdKey: string;
authorizationEndpoint: string;
clientAuthenticationMethod: string;
clientId: string;
clientSecret?: string | null;
clientSecretLabelIdentifier?: string;
enabled: boolean;
introspectEndpoint?: string;
issuerComparisonCheckType: string;
jwksUriEndpoint?: string;
jwtEncryptionAlgorithm: string;
jwtEncryptionMethod: string;
jwtSigningAlgorithm: string;
pkceMethod: string;
privateKeyJwtExpTime: number;
redirectAfterFormPostURI?: string;
redirectURI: string;
responseMode: string;
revocationCheckOptions: string[];
scopeDelimiter: string;
scopes: string[];
tokenEndpoint: string;
transform: string;
uiConfig: Record<string, string>;
useCustomTrustStore: boolean;
userInfoEndpoint?: string;
};

/**
@@ -142,7 +162,7 @@ export async function getProviderByTypeAndId({
* Get social identity provider by type and id
* @param {String} type social identity provider type
* @param {String} id social identity provider id/name
* @param {Object} providerData a social identity provider object
* @param {SocialIdpSkeleton} providerData a social identity provider object
* @returns {Promise} a promise that resolves to an object containing a social identity provider
*/
export async function putProviderByTypeAndId({
@@ -153,9 +173,14 @@ export async function putProviderByTypeAndId({
}: {
type: string;
id: string;
providerData: SocialIdpSkeleton | NoIdObjectSkeletonInterface;
providerData: SocialIdpSkeleton;
state: State;
}) {
// If performing an update (not create), idp updates will throw an HTTP 500 error unless the redirectAfterFormPostURI attribute has a value.
// If no redirectAfterFormPostURI is provided, importing with an empty string as its value will perform the same function without the 500 error.
if (providerData.redirectAfterFormPostURI === undefined) {
providerData.redirectAfterFormPostURI = '';
}
// until we figure out a way to use transport keys in Frodo,
// we'll have to drop those encrypted attributes.
const cleanData = deleteDeepByKey(providerData, '-encrypted');
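Review bot: `SocialIdpSkeleton` now lists twenty non-optional fields and `putProviderByTypeAndId` no longer accepts `NoIdObjectSkeletonInterface`, which is a compile-time break for callers that pass a partial or provider-type-specific object; the same narrowing is applied to `createSocialIdentityProvider` and `updateSocialIdentityProvider` in src/ops/IdpOps.ts. The recorded request in this commit sends keys such as `wellKnownEndpoint` and `issuer` that the type does not declare, so the required set looks modelled on one provider kind, and marking the provider-specific fields optional would better match what the endpoint accepts across `type` values (this depends on `AmConfigEntityInterface`, which is not visible here). `clientSecret?: string | null` is a credential, and a one-line comment on it such as `/** OAuth client secret; never log or echo this value */` would help anyone adding debug output around these calls. The doc block touched in the third hunk still opens with `Get social identity provider by type and id` above a put function and should read `Put social identity provider by type and id`.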
5 changes: 2 additions & 3 deletions src/ops/IdpOps.ts
@@ -1,4 +1,3 @@
import { type NoIdObjectSkeletonInterface } from '../api/ApiTypes';
import { getScript, type ScriptSkeleton } from '../api/ScriptApi';
import {
deleteProviderByTypeAndId,
@@ -463,7 +462,7 @@ export async function createSocialIdentityProvider({
}: {
providerType: string;
providerId: string;
providerData: SocialIdpSkeleton | NoIdObjectSkeletonInterface;
providerData: SocialIdpSkeleton;
state: State;
}): Promise<SocialIdpSkeleton> {
debugMessage({
@@ -500,7 +499,7 @@ export async function updateSocialIdentityProvider({
}: {
providerType: string;
providerId: string;
providerData: SocialIdpSkeleton | NoIdObjectSkeletonInterface;
providerData: SocialIdpSkeleton;
state: State;
}): Promise<SocialIdpSkeleton> {
debugMessage({

Large diffs are not rendered by default.

@@ -8,11 +8,11 @@
},
"entries": [
{
"_id": "edf84d02001baf38660f2486818d006a",
"_id": "aad41c04f2a52a2f2fb4850817fd821a",
"_order": 0,
"cache": {},
"request": {
"bodySize": 1585,
"bodySize": 1615,
"cookies": [],
"headers": [
{
@@ -25,11 +25,11 @@
},
{
"name": "user-agent",
"value": "@rockcarver/frodo-lib/2.0.0-55"
"value": "@rockcarver/frodo-lib/3.0.1-0"
},
{
"name": "x-forgerock-transactionid",
"value": "frodo-c7fd8ff6-787b-4d74-a2f0-07cfdc3f4eee"
"value": "frodo-3c652ca1-3644-4b9d-9b3d-dceff417a01c"
},
{
"name": "accept-api-version",
@@ -41,20 +41,24 @@
},
{
"name": "content-length",
"value": 1585
"value": "1615"
},
{
"name": "accept-encoding",
"value": "gzip, compress, deflate, br"
},
{
"name": "host",
"value": "openam-frodo-dev.forgeblocks.com"
}
],
"headersSize": 1662,
"headersSize": 2048,
"httpVersion": "HTTP/1.1",
"method": "PUT",
"postData": {
"mimeType": "application/json",
"params": [],
"text": "{\"clientId\":\"aa9a179e-cdba-4db8-8477-3d1069d5ec04\",\"pkceMethod\":\"S256\",\"wellKnownEndpoint\":\"https://adfs.mytestrun.com/adfs/.well-known/openid-configuration\",\"jwtEncryptionMethod\":\"NONE\",\"authorizationEndpoint\":\"https://adfs.mytestrun.com/adfs/oauth2/authorize\",\"jwtEncryptionAlgorithm\":\"NONE\",\"issuerComparisonCheckType\":\"EXACT\",\"encryptJwtRequestParameter\":false,\"scopeDelimiter\":\" \",\"scopes\":[\"openid\",\"profile\",\"email\"],\"issuer\":\"https://adfs.mytestrun.com/adfs\",\"userInfoResponseType\":\"JSON\",\"acrValues\":[],\"jwksUriEndpoint\":\"https://adfs.mytestrun.com/adfs/discovery/keys\",\"encryptedIdTokens\":false,\"enabled\":true,\"jwtRequestParameterOption\":\"NONE\",\"authenticationIdKey\":\"sub\",\"uiConfig\":{\"buttonClass\":\"\",\"buttonCustomStyle\":\"background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;\",\"buttonCustomStyleHover\":\"background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;\",\"buttonDisplayName\":\"Microsoft ADFS\",\"buttonImage\":\"/login/images/microsoft-logo.png\",\"iconBackground\":\"#0078d7\",\"iconClass\":\"fa-windows\",\"iconFontColor\":\"white\"},\"privateKeyJwtExpTime\":600,\"revocationCheckOptions\":[],\"enableNativeNonce\":true,\"transform\":\"dbe0bf9a-72aa-49d5-8483-9db147985a47\",\"jwtSigningAlgorithm\":\"RS256\",\"redirectURI\":\"https://idc.scheuber.io/login\",\"clientAuthenticationMethod\":\"CLIENT_SECRET_POST\",\"responseMode\":\"DEFAULT\",\"useCustomTrustStore\":false,\"tokenEndpoint\":\"https://adfs.mytestrun.com/adfs/oauth2/token\",\"_id\":\"FrodoTestIdp7\",\"_type\":{\"_id\":\"oidcConfig\",\"name\":\"Client configuration for providers that implement the OpenID Connect specification.\",\"collection\":true}}"
"text": "{\"clientId\":\"aa9a179e-cdba-4db8-8477-3d1069d5ec04\",\"pkceMethod\":\"S256\",\"wellKnownEndpoint\":\"https://adfs.mytestrun.com/adfs/.well-known/openid-configuration\",\"jwtEncryptionMethod\":\"NONE\",\"authorizationEndpoint\":\"https://adfs.mytestrun.com/adfs/oauth2/authorize\",\"jwtEncryptionAlgorithm\":\"NONE\",\"issuerComparisonCheckType\":\"EXACT\",\"encryptJwtRequestParameter\":false,\"scopeDelimiter\":\" \",\"scopes\":[\"openid\",\"profile\",\"email\"],\"issuer\":\"https://adfs.mytestrun.com/adfs\",\"userInfoResponseType\":\"JSON\",\"acrValues\":[],\"jwksUriEndpoint\":\"https://adfs.mytestrun.com/adfs/discovery/keys\",\"encryptedIdTokens\":false,\"enabled\":true,\"jwtRequestParameterOption\":\"NONE\",\"authenticationIdKey\":\"sub\",\"uiConfig\":{\"buttonClass\":\"\",\"buttonCustomStyle\":\"background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;\",\"buttonCustomStyleHover\":\"background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;\",\"buttonDisplayName\":\"Microsoft ADFS\",\"buttonImage\":\"/login/images/microsoft-logo.png\",\"iconBackground\":\"#0078d7\",\"iconClass\":\"fa-windows\",\"iconFontColor\":\"white\"},\"privateKeyJwtExpTime\":600,\"revocationCheckOptions\":[],\"enableNativeNonce\":true,\"transform\":\"dbe0bf9a-72aa-49d5-8483-9db147985a47\",\"jwtSigningAlgorithm\":\"RS256\",\"redirectURI\":\"https://idc.scheuber.io/login\",\"clientAuthenticationMethod\":\"CLIENT_SECRET_POST\",\"responseMode\":\"DEFAULT\",\"useCustomTrustStore\":false,\"tokenEndpoint\":\"https://adfs.mytestrun.com/adfs/oauth2/token\",\"_id\":\"FrodoTestIdp7\",\"_type\":{\"_id\":\"oidcConfig\",\"name\":\"Client configuration for providers that implement the OpenID Connect specification.\",\"collection\":true},\"redirectAfterFormPostURI\":\"\"}"
},
"queryString": [],
"url": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/oidcConfig/FrodoTestIdp7"
@@ -108,6 +112,10 @@
"name": "expires",
"value": "0"
},
{
"name": "location",
"value": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/oidcConfig/FrodoTestIdp7"
},
{
"name": "pragma",
"value": "no-cache"
@@ -122,16 +130,20 @@
},
{
"name": "date",
"value": "Thu, 21 Dec 2023 01:14:09 GMT"
"value": "Mon, 09 Dec 2024 20:58:01 GMT"
},
{
"name": "x-forgerock-transactionid",
"value": "frodo-c7fd8ff6-787b-4d74-a2f0-07cfdc3f4eee"
"value": "frodo-3c652ca1-3644-4b9d-9b3d-dceff417a01c"
},
{
"name": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains; preload;"
},
{
"name": "x-robots-tag",
"value": "none"
},
{
"name": "via",
"value": "1.1 google"
@@ -141,22 +153,22 @@
"value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000"
}
],
"headersSize": 767,
"headersSize": 943,
"httpVersion": "HTTP/1.1",
"redirectURL": "",
"status": 200,
"statusText": "OK"
"redirectURL": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/oidcConfig/FrodoTestIdp7",
"status": 201,
"statusText": "Created"
},
"startedDateTime": "2023-12-21T01:14:09.858Z",
"time": 85,
"startedDateTime": "2024-12-09T20:58:00.873Z",
"time": 182,
"timings": {
"blocked": -1,
"connect": -1,
"dns": -1,
"receive": 0,
"send": 0,
"ssl": -1,
"wait": 85
"wait": 182
}
},
{
@@ -177,11 +189,11 @@
},
{
"name": "user-agent",
"value": "@rockcarver/frodo-lib/2.0.0-55"
"value": "@rockcarver/frodo-lib/3.0.1-0"
},
{
"name": "x-forgerock-transactionid",
"value": "frodo-c7fd8ff6-787b-4d74-a2f0-07cfdc3f4eee"
"value": "frodo-3c652ca1-3644-4b9d-9b3d-dceff417a01c"
},
{
"name": "accept-api-version",
@@ -193,14 +205,18 @@
},
{
"name": "content-length",
"value": 1604
"value": "1604"
},
{
"name": "accept-encoding",
"value": "gzip, compress, deflate, br"
},
{
"name": "host",
"value": "openam-frodo-dev.forgeblocks.com"
}
],
"headersSize": 1663,
"headersSize": 2049,
"httpVersion": "HTTP/1.1",
"method": "PUT",
"postData": {
@@ -260,6 +276,10 @@
"name": "expires",
"value": "0"
},
{
"name": "location",
"value": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/appleConfig/FrodoTestIdp8"
},
{
"name": "pragma",
"value": "no-cache"
@@ -274,16 +294,20 @@
},
{
"name": "date",
"value": "Thu, 21 Dec 2023 01:14:09 GMT"
"value": "Mon, 09 Dec 2024 20:58:01 GMT"
},
{
"name": "x-forgerock-transactionid",
"value": "frodo-c7fd8ff6-787b-4d74-a2f0-07cfdc3f4eee"
"value": "frodo-3c652ca1-3644-4b9d-9b3d-dceff417a01c"
},
{
"name": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains; preload;"
},
{
"name": "x-robots-tag",
"value": "none"
},
{
"name": "via",
"value": "1.1 google"
@@ -293,22 +317,22 @@
"value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000"
}
],
"headersSize": 768,
"headersSize": 945,
"httpVersion": "HTTP/1.1",
"redirectURL": "",
"status": 200,
"statusText": "OK"
"redirectURL": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/appleConfig/FrodoTestIdp8",
"status": 201,
"statusText": "Created"
},
"startedDateTime": "2023-12-21T01:14:09.957Z",
"time": 88,
"startedDateTime": "2024-12-09T20:58:01.064Z",
"time": 176,
"timings": {
"blocked": -1,
"connect": -1,
"dns": -1,
"receive": 0,
"send": 0,
"ssl": -1,
"wait": 88
"wait": 176
}
}
],