

feat(condo): INFRA-264 OIDC Enabled field and deletedAt fix (#4344)
* feat(condo): INFRA-264 OIDC Enabled field and deletedAt fix

* feat(condo): INFRA-264 regenerate migration and throw separate error

* feat(condo): INFRA-264 changed error message
SavelevMatthew authored Feb 21, 2024
1 parent 5bf4a4e commit f04c369
Showing 8 changed files with 542 additions and 363 deletions.
1 change: 1 addition & 0 deletions apps/condo/bin/create-oidc-client.js
Expand Up @@ -15,6 +15,7 @@ async function main (args) {
client_id: clientId,
client_secret: clientSecret,
redirect_uris: [redirectUri], // using uri as redirect_uri to show the ID Token contents
isEnabled: true,
response_types: ['code id_token', 'code', 'id_token'],
grant_types: ['implicit', 'authorization_code', 'refresh_token'], // 'implicit', 'authorization_code', 'refresh_token', or 'urn:ietf:params:oauth:grant-type:device_code'
token_endpoint_auth_method: 'client_secret_basic',
Expand Up @@ -165,7 +165,7 @@ class OidcModelClientAdapter {
fingerprint: OIDC_FINGERPRINT,
},
}
const item = await OidcClient.getOne(this.context, { clientId: id })
const item = await OidcClient.getOne(this.context, { clientId: id, deletedAt: null })
if (!item) {
return await OidcClient.create(this.context, { ...dvAndSender, clientId: id, payload, expiresAt })
} else {
Expand All @@ -184,9 +184,9 @@ class OidcModelClientAdapter {
*
*/
async find (id) {
const item = await OidcClient.getOne(this.context, { clientId: id })
const item = await OidcClient.getOne(this.context, { clientId: id, isEnabled: true, deletedAt: null })
if (!item) {
throw new Error(`There is no OIDC client with clientId=${id}`)
throw new Error(`There is no active OIDC client with clientId=${id}`)
}
return item.payload
}
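Review bot: The create branch in the first hunk, `OidcClient.create(this.context, { ...dvAndSender, clientId: id, payload, expiresAt })`, never sets `isEnabled`, so a client created through upsert takes the schema default of `false` and the new `find` filter `{ clientId: id, isEnabled: true, deletedAt: null }` will then reject it with the "no active OIDC client" error. If that is intended (a client registered through the adapter must be switched on by an operator before it can be used), a comment on the create call should say so; otherwise the create payload should pass `isEnabled: true` explicitly. The enclosing method of the first hunk starts outside the hunk, and whether `deletedAt: null` is already implied by the list's soft-delete handling cannot be seen here, so the explicit filter on the upsert lookup may be redundant but is harmless. The single `There is no active OIDC client with clientId=${id}` message for missing, disabled and soft-deleted clients does not reveal which case applied, which is the right choice if the message can reach a caller.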
11 changes: 11 additions & 0 deletions apps/condo/domains/user/schema/OidcClient.js
Expand Up @@ -65,6 +65,17 @@ const OidcClient = new GQLListSchema('OidcClient', {
type: 'Text',
},

isEnabled: {
schemaDoc:
'A switch that allows you to disable some OIDC clients. ' +
'If an OIDC client is disabled, it cannot be used for OIDC authorization. ' +
'Used mainly by developers portal to create OIDC client before publishing an application, ' +
'and enable OIDC after publishing.',
type: 'Checkbox',
isRequired: true,
defaultValue: false,
},

meta: {
schemaDoc: 'The additional client data',
type: 'Json',
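Review bot: `defaultValue: false` on the new `isEnabled` field diverges from the migration in this commit, which backfills existing rows with `DEFAULT true` before dropping the default, so pre-existing clients stay enabled while newly created ones start disabled. That split is presumably intentional, but nothing in the schemaDoc records it, and a reader of the schema alone would assume every client starts disabled. Suggest appending one sentence to the schemaDoc, e.g. `'Clients that existed before this field was introduced were migrated as enabled.'`. It is also worth confirming (not visible in this hunk) that the field is not writable through the public API by the same roles that can create a client, since flipping it is what gates the client's use for authorization.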
819 changes: 459 additions & 360 deletions apps/condo/domains/user/schema/_oidc.test.js


1 change: 1 addition & 0 deletions apps/condo/domains/user/utils/testSchema/index.js
Expand Up @@ -426,6 +426,7 @@ async function createTestOidcClient (client, extraAttrs = {}) {
dv: 1,
sender,
clientId,
isEnabled: true,
payload: {
client_id: clientId,
grant_types: ['implicit', 'authorization_code', 'refresh_token'],
@@ -0,0 +1,35 @@
// auto generated by kmigrator
// KMIGRATOR:0368_oidcclient_isenabled_and_more:IyBHZW5lcmF0ZWQgYnkgRGphbmdvIDQuMS41IG9uIDIwMjQtMDItMjEgMTg6MDcKCmZyb20gZGphbmdvLmRiIGltcG9ydCBtaWdyYXRpb25zLCBtb2RlbHMKCgpjbGFzcyBNaWdyYXRpb24obWlncmF0aW9ucy5NaWdyYXRpb24pOgoKICAgIGRlcGVuZGVuY2llcyA9IFsKICAgICAgICAoJ19kamFuZ29fc2NoZW1hJywgJzAzNjdfbm90aWZpY2F0aW9uYW5vbnltb3Vzc2V0dGluZ2hpc3RvcnlyZWNvcmRfYW5kX21vcmUnKSwKICAgIF0KCiAgICBvcGVyYXRpb25zID0gWwogICAgICAgIG1pZ3JhdGlvbnMuQWRkRmllbGQoCiAgICAgICAgICAgIG1vZGVsX25hbWU9J29pZGNjbGllbnQnLAogICAgICAgICAgICBuYW1lPSdpc0VuYWJsZWQnLAogICAgICAgICAgICBmaWVsZD1tb2RlbHMuQm9vbGVhbkZpZWxkKGRlZmF1bHQ9VHJ1ZSksCiAgICAgICAgICAgIHByZXNlcnZlX2RlZmF1bHQ9RmFsc2UsCiAgICAgICAgKSwKICAgICAgICBtaWdyYXRpb25zLkFkZEZpZWxkKAogICAgICAgICAgICBtb2RlbF9uYW1lPSdvaWRjY2xpZW50aGlzdG9yeXJlY29yZCcsCiAgICAgICAgICAgIG5hbWU9J2lzRW5hYmxlZCcsCiAgICAgICAgICAgIGZpZWxkPW1vZGVscy5Cb29sZWFuRmllbGQoYmxhbms9VHJ1ZSwgbnVsbD1UcnVlKSwKICAgICAgICApLAogICAgXQo=

exports.up = async (knex) => {
await knex.raw(`
BEGIN;
--
-- Add field isEnabled to oidcclient
--
ALTER TABLE "OidcClient" ADD COLUMN "isEnabled" boolean DEFAULT true NOT NULL;
ALTER TABLE "OidcClient" ALTER COLUMN "isEnabled" DROP DEFAULT;
--
-- Add field isEnabled to oidcclienthistoryrecord
--
ALTER TABLE "OidcClientHistoryRecord" ADD COLUMN "isEnabled" boolean NULL;
COMMIT;
`)
}

exports.down = async (knex) => {
await knex.raw(`
BEGIN;
--
-- Add field isEnabled to oidcclienthistoryrecord
--
ALTER TABLE "OidcClientHistoryRecord" DROP COLUMN "isEnabled" CASCADE;
--
-- Add field isEnabled to oidcclient
--
ALTER TABLE "OidcClient" DROP COLUMN "isEnabled" CASCADE;
COMMIT;
`)
}
17 changes: 17 additions & 0 deletions apps/condo/schema.graphql
Expand Up @@ -1818,6 +1818,7 @@ type OidcClientHistoryRecord {
clientId: String
payload: JSON
name: String
isEnabled: Boolean
meta: JSON
expiresAt: String
id: ID!
Expand Down Expand Up @@ -1878,6 +1879,8 @@ input OidcClientHistoryRecordWhereInput {
name_not_ends_with_i: String
name_in: [String]
name_not_in: [String]
isEnabled: Boolean
isEnabled_not: Boolean
meta: JSON
meta_not: JSON
meta_in: [JSON]
Expand Down Expand Up @@ -1977,6 +1980,8 @@ enum SortOidcClientHistoryRecordsBy {
clientId_DESC
name_ASC
name_DESC
isEnabled_ASC
isEnabled_DESC
expiresAt_ASC
expiresAt_DESC
id_ASC
Expand All @@ -2001,6 +2006,7 @@ input OidcClientHistoryRecordUpdateInput {
clientId: String
payload: JSON
name: String
isEnabled: Boolean
meta: JSON
expiresAt: String
v: Int
Expand All @@ -2026,6 +2032,7 @@ input OidcClientHistoryRecordCreateInput {
clientId: String
payload: JSON
name: String
isEnabled: Boolean
meta: JSON
expiresAt: String
v: Int
Expand Down Expand Up @@ -2066,6 +2073,10 @@ type OidcClient {
""" The human readable name for client """
name: String

""" A switch that allows you to disable some OIDC clients. If an OIDC client is disabled, it cannot be used for OIDC authorization. Used mainly by developers portal to create OIDC client before publishing an application, and enable OIDC after publishing.
"""
isEnabled: Boolean

""" The additional client data """
meta: JSON

Expand Down Expand Up @@ -2143,6 +2154,8 @@ input OidcClientWhereInput {
name_not_ends_with_i: String
name_in: [String]
name_not_in: [String]
isEnabled: Boolean
isEnabled_not: Boolean
meta: JSON
meta_not: JSON
meta_in: [JSON]
Expand Down Expand Up @@ -2258,6 +2271,8 @@ enum SortOidcClientsBy {
clientId_DESC
name_ASC
name_DESC
isEnabled_ASC
isEnabled_DESC
expiresAt_ASC
expiresAt_DESC
id_ASC
Expand Down Expand Up @@ -2286,6 +2301,7 @@ input OidcClientUpdateInput {
clientId: String
payload: JSON
name: String
isEnabled: Boolean
meta: JSON
expiresAt: String
v: Int
Expand All @@ -2310,6 +2326,7 @@ input OidcClientCreateInput {
clientId: String
payload: JSON
name: String
isEnabled: Boolean
meta: JSON
expiresAt: String
v: Int
15 changes: 15 additions & 0 deletions apps/condo/schema.ts
Expand Up @@ -52301,6 +52301,8 @@ export type OidcClient = {
payload?: Maybe<Scalars['JSON']>;
/** The human readable name for client */
name?: Maybe<Scalars['String']>;
/** A switch that allows you to disable some OIDC clients. If an OIDC client is disabled, it cannot be used for OIDC authorization. Used mainly by developers portal to create OIDC client before publishing an application, and enable OIDC after publishing. */
isEnabled?: Maybe<Scalars['Boolean']>;
/** The additional client data */
meta?: Maybe<Scalars['JSON']>;
/** The timestamp of the client expiration */
Expand Down Expand Up @@ -52329,6 +52331,7 @@ export type OidcClientCreateInput = {
clientId?: Maybe<Scalars['String']>;
payload?: Maybe<Scalars['JSON']>;
name?: Maybe<Scalars['String']>;
isEnabled?: Maybe<Scalars['Boolean']>;
meta?: Maybe<Scalars['JSON']>;
expiresAt?: Maybe<Scalars['String']>;
v?: Maybe<Scalars['Int']>;
Expand Down Expand Up @@ -52358,6 +52361,7 @@ export type OidcClientHistoryRecord = {
clientId?: Maybe<Scalars['String']>;
payload?: Maybe<Scalars['JSON']>;
name?: Maybe<Scalars['String']>;
isEnabled?: Maybe<Scalars['Boolean']>;
meta?: Maybe<Scalars['JSON']>;
expiresAt?: Maybe<Scalars['String']>;
id: Scalars['ID'];
Expand All @@ -52379,6 +52383,7 @@ export type OidcClientHistoryRecordCreateInput = {
clientId?: Maybe<Scalars['String']>;
payload?: Maybe<Scalars['JSON']>;
name?: Maybe<Scalars['String']>;
isEnabled?: Maybe<Scalars['Boolean']>;
meta?: Maybe<Scalars['JSON']>;
expiresAt?: Maybe<Scalars['String']>;
v?: Maybe<Scalars['Int']>;
Expand All @@ -52405,6 +52410,7 @@ export type OidcClientHistoryRecordUpdateInput = {
clientId?: Maybe<Scalars['String']>;
payload?: Maybe<Scalars['JSON']>;
name?: Maybe<Scalars['String']>;
isEnabled?: Maybe<Scalars['Boolean']>;
meta?: Maybe<Scalars['JSON']>;
expiresAt?: Maybe<Scalars['String']>;
v?: Maybe<Scalars['Int']>;
Expand Down Expand Up @@ -52464,6 +52470,8 @@ export type OidcClientHistoryRecordWhereInput = {
name_not_ends_with_i?: Maybe<Scalars['String']>;
name_in?: Maybe<Array<Maybe<Scalars['String']>>>;
name_not_in?: Maybe<Array<Maybe<Scalars['String']>>>;
isEnabled?: Maybe<Scalars['Boolean']>;
isEnabled_not?: Maybe<Scalars['Boolean']>;
meta?: Maybe<Scalars['JSON']>;
meta_not?: Maybe<Scalars['JSON']>;
meta_in?: Maybe<Array<Maybe<Scalars['JSON']>>>;
Expand Down Expand Up @@ -52571,6 +52579,7 @@ export type OidcClientUpdateInput = {
clientId?: Maybe<Scalars['String']>;
payload?: Maybe<Scalars['JSON']>;
name?: Maybe<Scalars['String']>;
isEnabled?: Maybe<Scalars['Boolean']>;
meta?: Maybe<Scalars['JSON']>;
expiresAt?: Maybe<Scalars['String']>;
v?: Maybe<Scalars['Int']>;
Expand Down Expand Up @@ -52629,6 +52638,8 @@ export type OidcClientWhereInput = {
name_not_ends_with_i?: Maybe<Scalars['String']>;
name_in?: Maybe<Array<Maybe<Scalars['String']>>>;
name_not_in?: Maybe<Array<Maybe<Scalars['String']>>>;
isEnabled?: Maybe<Scalars['Boolean']>;
isEnabled_not?: Maybe<Scalars['Boolean']>;
meta?: Maybe<Scalars['JSON']>;
meta_not?: Maybe<Scalars['JSON']>;
meta_in?: Maybe<Array<Maybe<Scalars['JSON']>>>;
Expand Down Expand Up @@ -77486,6 +77497,8 @@ export enum SortOidcClientHistoryRecordsBy {
ClientIdDesc = 'clientId_DESC',
NameAsc = 'name_ASC',
NameDesc = 'name_DESC',
IsEnabledAsc = 'isEnabled_ASC',
IsEnabledDesc = 'isEnabled_DESC',
ExpiresAtAsc = 'expiresAt_ASC',
ExpiresAtDesc = 'expiresAt_DESC',
IdAsc = 'id_ASC',
Expand All @@ -77511,6 +77524,8 @@ export enum SortOidcClientsBy {
ClientIdDesc = 'clientId_DESC',
NameAsc = 'name_ASC',
NameDesc = 'name_DESC',
IsEnabledAsc = 'isEnabled_ASC',
IsEnabledDesc = 'isEnabled_DESC',
ExpiresAtAsc = 'expiresAt_ASC',
ExpiresAtDesc = 'expiresAt_DESC',
IdAsc = 'id_ASC',
