🐛 Respect auth.withCreds().uri (#171)
* respect modified URIs from withCreds. This recreates expected behavior from virtru-sdk 3.x
* Allows setting the userId query param to recreate a bug in some virtru-sdks where this is set in other places
dmihalcik-virtru authored Apr 5, 2023
1 parent 64a90e3 commit 44e8c4b
Showing 5 changed files with 38 additions and 23 deletions.
1 change: 1 addition & 0 deletions cli/README.md
@@ -24,6 +24,7 @@ bin/opentdf.mjs \
--oidcEndpoint http://localhost:65432/auth/realms/tdf \
--auth tdf-client:123-456 \
--containerType tdf3 \
--userId alice@somewhere.there \
decrypt sample.tdf
```

16 changes: 8 additions & 8 deletions cli/package-lock.json


22 changes: 17 additions & 5 deletions cli/src/cli.ts
@@ -16,6 +16,7 @@ type AuthToProcess = {
clientId?: string;
clientSecret?: string;
oidcEndpoint: string;
userId?: string;
};

const containerTypes = ['tdf3', 'nano', 'dataset'] as const;
@@ -27,7 +28,7 @@ const parseJwtComplete = (jwt: string) => {
return { header: parseJwt(jwt, 0), payload: parseJwt(jwt) };
};

async function processAuth({ auth, clientId, clientSecret, oidcEndpoint }: AuthToProcess) {
async function processAuth({ auth, clientId, clientSecret, oidcEndpoint, userId }: AuthToProcess) {
log('DEBUG', 'Processing auth params');
if (auth) {
log('DEBUG', 'Processing an auth string');
@@ -57,10 +58,15 @@ async function processAuth({ auth, clientId, clientSecret, oidcEndpoint }: AuthT
log('DEBUG', `updateClientPublicKey: [${clientPubkey}] [${signingKey?.publicKey}]`);
},
withCreds: async (httpReq: AuthProviders.HttpRequest) => {
const creds = await actual.withCreds(httpReq);
log('DEBUG', `HTTP Requesting: ${JSON.stringify(creds)}`);
requestLog.push(creds);
return creds;
const credible = await actual.withCreds(httpReq);
if (userId) {
const url = new URL(credible.url);
url.searchParams.set('userId', userId);
credible.url = url.href;
}
log('DEBUG', `HTTP Requesting: ${JSON.stringify(credible)}`);
requestLog.push(credible);
return credible;
},
};
}
@@ -171,6 +177,12 @@ export const handleArgs = (args: string[]) => {
default: 'nano',
})

.option('userId', {
group: 'TDF Settings',
type: 'string',
description: 'Owner email address',
})

// Examples
.example('$0 --auth ClientID123:Cli3nt$ecret', '# OIDC client credentials')

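Review bot: The DEBUG line in the new `withCreds` wrapper serializes the whole request returned by the provider, so whatever `actual.withCreds` placed in `headers` (presumably the bearer token or a proof) is written to the log and retained in `requestLog`, and the URL now also carries the `userId` address. Logging header names instead of values keeps the trace useful without recording credentials: `log('DEBUG', 'HTTP Requesting: ' + JSON.stringify({ ...credible, headers: Object.keys(credible.headers) }));`. The wrapper also rewrites `credible.url` after the provider has finished, so a comment such as `// userId is appended after credentials are attached; anything the provider derived from the URL does not cover it` would record that ordering for the next reader. `processAuth` begins and ends outside the visible hunks.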
6 changes: 4 additions & 2 deletions lib/tdf3/src/tdf.ts
@@ -516,7 +516,9 @@ export class TDF extends EventEmitter {
const httpReq = await this.authProvider.withCreds(this.buildRequest('POST', url, body));

try {
const response = await axios.post(url, httpReq.body, { headers: httpReq.headers });
const response = await axios.post(httpReq.url, httpReq.body, {
headers: httpReq.headers,
});

// Remove additional properties which were needed to sync, but not that we want to save to
// the manifest
@@ -855,7 +857,7 @@ export class TDF extends EventEmitter {
// The response from KAS on a rewrap
const {
data: { entityWrappedKey, metadata },
} = await axios.post(url, httpReq.body, { headers: httpReq.headers });
} = await axios.post(httpReq.url, httpReq.body, { headers: httpReq.headers });
responseMetadata = metadata;
const key = Binary.fromString(base64.decode(entityWrappedKey));
const decryptedKeyBinary = await cryptoService.decryptWithPrivateKey(
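Review bot: Both posts now go to `httpReq.url`, a value chosen by `authProvider.withCreds`, with no check that it still targets the host the caller built `url` for; the request carries `httpReq.headers` and the key-access body, so a provider that returns a different origin would send both there. If only path or query changes are meant to be honoured, a guard before each `axios.post` would pin that down: `if (new URL(httpReq.url).origin !== new URL(url).origin) throw new Error('withCreds changed the request origin');`. This applies equally to the rewrap hunk at new line 857. If providers are instead trusted to choose the destination, a comment saying so next to each call is enough. Both enclosing methods begin and end outside the hunks.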
16 changes: 8 additions & 8 deletions web-app/package-lock.json

