Alpha2: Added debug statements (#50)

bcgov · Mar 28, 2024 · 543f1a7 · 543f1a7
2 parents 85398e2 + 6ba02cd
commit 543f1a7
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 8 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@bcgov/citz-imb-sso-express",
-  "version": "1.0.0-alpha",
+  "version": "1.0.0-alpha2",
   "description": "BCGov SSO integration for Express API",
   "author": "CITZ IMB Common Code <citz.codemvp@gov.bc.ca>",
   "license": "Apache-2.0",

diff --git a/src/config.ts b/src/config.ts
@@ -1,9 +1,9 @@
-/* eslint-disable @typescript-eslint/no-unused-vars */
 const {
   FRONTEND_URL,
   BACKEND_URL,
   SSO_AUTH_SERVER_URL = 'https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect',
   SM_LOGOUT_URL = 'https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi',
+  COOKIE_DOMAIN = '.gov.bc.ca',
   SSO_CLIENT_ID,
   SSO_CLIENT_SECRET,
   DEBUG = 'false',
@@ -17,6 +17,7 @@ const config = {
   PACKAGE_NAME: 'citz-imb-sso-express',
   SSO_CLIENT_ID,
   SSO_CLIENT_SECRET,
+  COOKIE_DOMAIN,
   KC_AUTHORIZATION_URL: `${SSO_AUTH_SERVER_URL}/auth`,
   KC_TOKEN_URL: `${SSO_AUTH_SERVER_URL}/token`,
   KC_INTROSPECT_URL: `${SSO_AUTH_SERVER_URL}/token/introspect`,

diff --git a/src/controllers.ts b/src/controllers.ts
@@ -6,7 +6,7 @@ import { getUserInfo, normalizeUser } from './utils/user';
 import debug from './utils/debug';
 
 import config from './config';
-const { FRONTEND_URL } = config;
+const { COOKIE_DOMAIN, FRONTEND_URL } = config;
 
 /**
  * Prompts the user to login.
@@ -19,7 +19,11 @@ export const login = (options?: SSOOptions) => {
     debug.controllerCalled('login');
     try {
       const { idp } = req.query;
-      if (!req.token) return res.redirect(getLoginURL(idp as IdentityProvider));
+
+      const redirectURL = getLoginURL(idp as IdentityProvider);
+      debug.loginURL(redirectURL);
+      if (!req.token) return res.redirect(redirectURL);
+
       return res.redirect('');
     } catch (error: unknown) {
       // Log error and send response
@@ -46,13 +50,17 @@ export const loginCallback = (options?: SSOOptions) => {
       const { code } = req.query;
       const { access_token, refresh_token, refresh_expires_in } = await getTokens(code as string);
 
+      const redirectURL = `${FRONTEND_URL}?refresh_expires_in=${refresh_expires_in}`;
+      debug.loginCallbackRedirectURL(redirectURL);
+
       // Send response.
       res
         .cookie('refresh_token', refresh_token, {
           httpOnly: true,
           secure: true,
+          domain: COOKIE_DOMAIN,
         })
-        .redirect(`${FRONTEND_URL}?refresh_expires_in=${refresh_expires_in}`);
+        .redirect(redirectURL);
 
       // Run after login callback request.
       if (options?.afterUserLogin) {
@@ -86,7 +94,10 @@ export const logout = (options?: SSOOptions) => {
     try {
       const { id_token } = req.query;
       if (!id_token) return res.status(401).send('id_token query param required');
-      res.redirect(getLogoutURL(id_token as string));
+
+      const redirectURL = getLogoutURL(id_token as string);
+      debug.logoutURL(redirectURL);
+      res.redirect(redirectURL);
 
       // Run after logout callback request.
       if (options?.afterUserLogout) {
@@ -119,7 +130,9 @@ export const logoutCallback = (options?: SSOOptions) => {
   const request = async (req: Request, res: Response) => {
     debug.controllerCalled('logoutCallback');
     try {
-      res.cookie('refresh_token', '', { httpOnly: true, secure: true }).redirect(FRONTEND_URL);
+      res
+        .cookie('refresh_token', '', { httpOnly: true, secure: true })
+        .redirect(FRONTEND_URL ?? '');
     } catch (error: unknown) {
       // Log error and send response
       debug.controllerError('logoutCallback', error);
@@ -144,8 +157,10 @@ export const refreshToken = (options?: SSOOptions) => {
     debug.controllerCalled('refreshToken');
     try {
       const { refresh_token } = req.cookies;
-      if (!refresh_token || refresh_token === '')
+      if (!refresh_token || refresh_token === '') {
+        debug.unauthorizedTokenError(refresh_token);
         return res.status(401).send('Cookies must include refresh_token.');
+      }
 
       const tokens = await getNewTokens(refresh_token);
 

diff --git a/src/utils/debug.ts b/src/utils/debug.ts
@@ -28,10 +28,36 @@ const initialized = () => {
   if (DEBUG) console.info(`DEBUG: Initialized '${PACKAGE_NAME}'.`);
 };
 
+const unauthorizedTokenError = (refresh_token: string) => {
+  if (DEBUG && VERBOSE_DEBUG)
+    console.info(`DEBUG: refresh_token of '${PACKAGE_NAME}' token endpoint is '${refresh_token}'.`);
+};
+
+const loginURL = (url: string) => {
+  if (DEBUG && VERBOSE_DEBUG)
+    console.info(`DEBUG: loginURL of '${PACKAGE_NAME}' login endpoint is '${url}'.`);
+};
+
+const logoutURL = (url: string) => {
+  if (DEBUG && VERBOSE_DEBUG)
+    console.info(`DEBUG: logoutURL of '${PACKAGE_NAME}' logout endpoint is '${url}'.`);
+};
+
+const loginCallbackRedirectURL = (url: string) => {
+  if (DEBUG && VERBOSE_DEBUG)
+    console.info(
+      `DEBUG: loginCallbackRedirectURL of '${PACKAGE_NAME}' login/callback endpoint is '${url}'.`,
+    );
+};
+
 export default {
   controllerCalled,
   controllerError,
   afterUserLogout,
   afterUserLogin,
   initialized,
+  unauthorizedTokenError,
+  loginURL,
+  logoutURL,
+  loginCallbackRedirectURL,
 };