sendnrw/misskey
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

upgrade to pkce-challenge@4

Browse Source
This commit is contained in:
Kagami Sascha Rosylight
2023-05-11 23:09:24 +02:00
parent b6f6819b76
commit 2b23120664
3 changed files with 20 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/backend/package.json
View File

@@ -128,7 +128,7 @@
"otpauth": "9.1.2", "otpauth": "9.1.2",
"parse5": "7.1.2", "parse5": "7.1.2",
"pg": "8.11.0", "pg": "8.11.0",
"pkce-challenge": "^3.1.0", "pkce-challenge": "^4.0.1",
"probe-image-size": "7.2.3", "probe-image-size": "7.2.3",
"promise-limit": "2.7.0", "promise-limit": "2.7.0",
"pug": "3.0.2", "pug": "3.0.2",

24
packages/backend/test/e2e/oauth.ts
View File

@@ -35,6 +35,7 @@ function getClient(): AuthorizationCode<'client_id'> {
return new AuthorizationCode({ return new AuthorizationCode({
client: { client: {
id: `http://127.0.0.1:${clientPort}/`, id: `http://127.0.0.1:${clientPort}/`,
secret: '',
}, },
auth: { auth: {
tokenHost: host, tokenHost: host,
@@ -113,7 +114,7 @@ describe('OAuth', () => {
}); });
test('Full flow', async () => { test('Full flow', async () => {
const { code_challenge, code_verifier } = pkceChallenge.default(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = getClient();
@@ -168,8 +169,8 @@ describe('OAuth', () => {
test('Two concurrent flows', async () => { test('Two concurrent flows', async () => {
const client = getClient(); const client = getClient();
const pkceAlice = pkceChallenge.default(128); const pkceAlice = await pkceChallenge(128);
const pkceBob = pkceChallenge.default(128); const pkceBob = await pkceChallenge(128);
const responseAlice = await fetch(client.authorizeURL({ const responseAlice = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@@ -285,8 +286,9 @@ describe('OAuth', () => {
assert.strictEqual((await response.json() as OAuthErrorResponse).error, 'invalid_request'); assert.strictEqual((await response.json() as OAuthErrorResponse).error, 'invalid_request');
}); });
// TODO: Use precomputed challenge/verifier set for this one for deterministic test
test('Verify PKCE', async () => { test('Verify PKCE', async () => {
const { code_challenge, code_verifier } = pkceChallenge.default(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = getClient();
@@ -405,7 +407,7 @@ describe('OAuth', () => {
}); });
test('Partially known scopes', async () => { test('Partially known scopes', async () => {
const { code_challenge, code_verifier } = pkceChallenge.default(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = getClient();
@@ -455,7 +457,7 @@ describe('OAuth', () => {
}); });
test('Duplicated scopes', async () => { test('Duplicated scopes', async () => {
const { code_challenge, code_verifier } = pkceChallenge.default(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = getClient();
@@ -487,7 +489,7 @@ describe('OAuth', () => {
}); });
test('Scope check by API', async () => { test('Scope check by API', async () => {
const { code_challenge, code_verifier } = pkceChallenge.default(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = getClient();
@@ -527,7 +529,7 @@ describe('OAuth', () => {
}); });
test('Authorization header', async () => { test('Authorization header', async () => {
const { code_challenge, code_verifier } = pkceChallenge.default(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = getClient();
@@ -624,7 +626,7 @@ describe('OAuth', () => {
}); });
test('Invalid redirect_uri at token endpoint', async () => { test('Invalid redirect_uri at token endpoint', async () => {
const { code_challenge, code_verifier } = pkceChallenge.default(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = getClient();
@@ -651,7 +653,7 @@ describe('OAuth', () => {
}); });
test('Invalid redirect_uri including the valid one at token endpoint', async () => { test('Invalid redirect_uri including the valid one at token endpoint', async () => {
const { code_challenge, code_verifier } = pkceChallenge.default(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = getClient();
@@ -678,7 +680,7 @@ describe('OAuth', () => {
}); });
test('No redirect_uri at token endpoint', async () => { test('No redirect_uri at token endpoint', async () => {
const { code_challenge, code_verifier } = pkceChallenge.default(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = getClient();

17
pnpm-lock.yaml generated
View File

@@ -300,8 +300,8 @@ importers:
specifier: 8.11.0 specifier: 8.11.0
version: 8.11.0 version: 8.11.0
pkce-challenge: pkce-challenge:
specifier: ^3.1.0 specifier: ^4.0.1
version: 3.1.0 version: 4.0.1
probe-image-size: probe-image-size:
specifier: 7.2.3 specifier: 7.2.3
version: 7.2.3 version: 7.2.3
@@ -7722,7 +7722,7 @@ packages:
/@types/http-link-header@1.0.3: /@types/http-link-header@1.0.3:
resolution: {integrity: sha512-y8HkoD/vyid+5MrJ3aas0FvU3/BVBGcyG9kgxL0Zn4JwstA8CglFPnrR0RuzOjRCXwqzL5uxWC2IO7Ub0rMU2A==} resolution: {integrity: sha512-y8HkoD/vyid+5MrJ3aas0FvU3/BVBGcyG9kgxL0Zn4JwstA8CglFPnrR0RuzOjRCXwqzL5uxWC2IO7Ub0rMU2A==}
dependencies: dependencies:
'@types/node': 20.2.5 '@types/node': 20.3.1
dev: true dev: true
/@types/istanbul-lib-coverage@2.0.4: /@types/istanbul-lib-coverage@2.0.4:
@@ -10660,10 +10660,6 @@ packages:
shebang-command: 2.0.0 shebang-command: 2.0.0
which: 2.0.2 which: 2.0.2
/crypto-js@4.1.1:
resolution: {integrity: sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==}
dev: false
/crypto-random-string@2.0.0: /crypto-random-string@2.0.0:
resolution: {integrity: sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==} resolution: {integrity: sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==}
engines: {node: '>=8'} engines: {node: '>=8'}
@@ -17156,10 +17152,9 @@ packages:
engines: {node: '>= 6'} engines: {node: '>= 6'}
dev: true dev: true
/pkce-challenge@3.1.0: /pkce-challenge@4.0.1:
resolution: {integrity: sha512-bQ/0XPZZ7eX+cdAkd61uYWpfMhakH3NeteUF1R8GNa+LMqX8QFAkbCLqq+AYAns1/ueACBu/BMWhrlKGrdvGZg==} resolution: {integrity: sha512-WGmtS1stcStsvRwNXix3iR1ujFcDaJR+sEODRa2ZFruT0lM4lhPAFTL5SUpqD5vTJdRlgtuMQhcp1kIEJx4LUw==}
dependencies: engines: {node: '>=16.20.0'}
crypto-js: 4.1.1
dev: false dev: false
/pkg-dir@3.0.0: /pkg-dir@3.0.0: