Fix account management link for delegated auth OIDC setups (#12144)
* Fix account management link for delegated auth OIDC setups Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix comment Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
This commit is contained in:
parent
5983528a8d
commit
a465b1659f
3 changed files with 91 additions and 1 deletions
|
@ -20,6 +20,7 @@ import { logger } from "matrix-js-sdk/src/logger";
|
|||
import { OidcClient } from "oidc-client-ts";
|
||||
|
||||
import { getStoredOidcTokenIssuer, getStoredOidcClientId } from "../../utils/oidc/persistOidcSettings";
|
||||
import { getDelegatedAuthAccountUrl } from "../../utils/oidc/getDelegatedAuthAccountUrl";
|
||||
|
||||
/**
|
||||
* @experimental
|
||||
|
@ -33,9 +34,10 @@ export class OidcClientStore {
|
|||
|
||||
public constructor(private readonly matrixClient: MatrixClient) {
|
||||
this.authenticatedIssuer = getStoredOidcTokenIssuer();
|
||||
// don't bother initialising store when we didnt authenticate via oidc
|
||||
if (this.authenticatedIssuer) {
|
||||
this.getOidcClient();
|
||||
} else {
|
||||
this._accountManagementEndpoint = getDelegatedAuthAccountUrl(matrixClient);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
27
src/utils/oidc/getDelegatedAuthAccountUrl.ts
Normal file
27
src/utils/oidc/getDelegatedAuthAccountUrl.ts
Normal file
|
@ -0,0 +1,27 @@
|
|||
/*
|
||||
Copyright 2023 The Matrix.org Foundation C.I.C.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
import { IClientWellKnown, IDelegatedAuthConfig, M_AUTHENTICATION } from "matrix-js-sdk/src/matrix";
|
||||
|
||||
/**
|
||||
* Get the delegated auth account management url if configured
|
||||
* @param clientWellKnown from MatrixClient.getClientWellKnown
|
||||
* @returns the account management url, or undefined
|
||||
*/
|
||||
export const getDelegatedAuthAccountUrl = (clientWellKnown: IClientWellKnown | undefined): string | undefined => {
|
||||
const delegatedAuthConfig = M_AUTHENTICATION.findIn<IDelegatedAuthConfig | undefined>(clientWellKnown);
|
||||
return delegatedAuthConfig?.account;
|
||||
};
|
61
test/utils/oidc/getDelegatedAuthAccountUrl-test.ts
Normal file
61
test/utils/oidc/getDelegatedAuthAccountUrl-test.ts
Normal file
|
@ -0,0 +1,61 @@
|
|||
/*
|
||||
Copyright 2023 The Matrix.org Foundation C.I.C.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
import { M_AUTHENTICATION } from "matrix-js-sdk/src/matrix";
|
||||
|
||||
import { getDelegatedAuthAccountUrl } from "../../../src/utils/oidc/getDelegatedAuthAccountUrl";
|
||||
|
||||
describe("getDelegatedAuthAccountUrl()", () => {
|
||||
it("should return undefined when wk is undefined", () => {
|
||||
expect(getDelegatedAuthAccountUrl(undefined)).toBeUndefined();
|
||||
});
|
||||
|
||||
it("should return undefined when wk has no authentication config", () => {
|
||||
expect(getDelegatedAuthAccountUrl({})).toBeUndefined();
|
||||
});
|
||||
|
||||
it("should return undefined when wk authentication config has no configured account url", () => {
|
||||
expect(
|
||||
getDelegatedAuthAccountUrl({
|
||||
[M_AUTHENTICATION.stable!]: {
|
||||
issuer: "issuer.org",
|
||||
},
|
||||
}),
|
||||
).toBeUndefined();
|
||||
});
|
||||
|
||||
it("should return the account url for authentication config using the unstable prefix", () => {
|
||||
expect(
|
||||
getDelegatedAuthAccountUrl({
|
||||
[M_AUTHENTICATION.unstable!]: {
|
||||
issuer: "issuer.org",
|
||||
account: "issuer.org/account",
|
||||
},
|
||||
}),
|
||||
).toEqual("issuer.org/account");
|
||||
});
|
||||
|
||||
it("should return the account url for authentication config using the stable prefix", () => {
|
||||
expect(
|
||||
getDelegatedAuthAccountUrl({
|
||||
[M_AUTHENTICATION.stable!]: {
|
||||
issuer: "issuer.org",
|
||||
account: "issuer.org/account",
|
||||
},
|
||||
}),
|
||||
).toEqual("issuer.org/account");
|
||||
});
|
||||
});
|
Loading…
Reference in a new issue