OIDC: use delegated auth account URL from OidcClientStore (#11723)

* test persistCredentials without a pickle key * test setLoggedIn with pickle key * lint * type error * extract token persisting code into function, persist refresh token * store has_refresh_token too * pass refreshToken from oidcAuthGrant into credentials * rest restore session with pickle key * retreive stored refresh token and add to credentials * extract token decryption into function * remove TODO * very messy poc * utils to persist clientId and issuer after oidc authentication * add dep oidc-client-ts * persist issuer and clientId after successful oidc auth * add OidcClientStore * comments and tidy * expose getters for stored refresh and access tokens in Lifecycle * revoke tokens with oidc provider * test logout action in MatrixChat * comments * prettier * test OidcClientStore.revokeTokens * put pickle key destruction back * comment pedantry * working refresh without persistence * extract token persistence functions to utils * add sugar * implement TokenRefresher class with persistence * tidying * persist idTokenClaims * persist idTokenClaims * tests * remove unused cde * create token refresher during doSetLoggedIn * tidying * also tidying * OidcClientStore.initClient use stored issuer when client well known unavailable * test Lifecycle.logout * update Lifecycle test replaceUsingCreds calls * fix test * add sdkContext to UserSettingsDialog * use sdkContext and oidcClientStore in session manager * use sdkContext and OidcClientStore in generalusersettingstab * tidy * test tokenrefresher creation in login flow * test token refresher * Update src/utils/oidc/TokenRefresher.ts Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * use literal value for m.authentication Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * improve comments * fix test mock, comment * typo * add sdkContext to SoftLogout, pass oidcClientStore to logout * fullstops * comments * fussy comment formatting --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-16 12:03:25 +13:00 · 2023-10-16 12:03:25 +13:00 · d9d52fba8c
commit d9d52fba8c
parent 84ca519b3f
10 changed files with 96 additions and 179 deletions
--- a/test/utils/oidc/getDelegatedAuthAccountUrl-test.ts
+++ b/test/utils/oidc/getDelegatedAuthAccountUrl-test.ts
@ -1,61 +0,0 @@
-/*
-Copyright 2023 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import { M_AUTHENTICATION } from "matrix-js-sdk/src/matrix";
-
-import { getDelegatedAuthAccountUrl } from "../../../src/utils/oidc/getDelegatedAuthAccountUrl";
-
-describe("getDelegatedAuthAccountUrl()", () => {
-    it("should return undefined when wk is undefined", () => {
-        expect(getDelegatedAuthAccountUrl(undefined)).toBeUndefined();
-    });
-
-    it("should return undefined when wk has no authentication config", () => {
-        expect(getDelegatedAuthAccountUrl({})).toBeUndefined();
-    });
-
-    it("should return undefined when wk authentication config has no configured account url", () => {
-        expect(
-            getDelegatedAuthAccountUrl({
-                [M_AUTHENTICATION.stable!]: {
-                    issuer: "issuer.org",
-                },
-            }),
-        ).toBeUndefined();
-    });
-
-    it("should return the account url for authentication config using the unstable prefix", () => {
-        expect(
-            getDelegatedAuthAccountUrl({
-                [M_AUTHENTICATION.unstable!]: {
-                    issuer: "issuer.org",
-                    account: "issuer.org/account",
-                },
-            }),
-        ).toEqual("issuer.org/account");
-    });
-
-    it("should return the account url for authentication config using the stable prefix", () => {
-        expect(
-            getDelegatedAuthAccountUrl({
-                [M_AUTHENTICATION.stable!]: {
-                    issuer: "issuer.org",
-                    account: "issuer.org/account",
-                },
-            }),
-        ).toEqual("issuer.org/account");
-    });
-});