From 44e8c4bcacb5b6123290bfff7f7351929a295673 Mon Sep 17 00:00:00 2001
From: Dave Mihalcik <38867245+dmihalcik-virtru@users.noreply.github.com>
Date: Wed, 5 Apr 2023 16:12:54 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Respect=20auth.withCreds().uri?= =?UTF-8?q?=20(#171)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* respect modified URIs from withCreds. This recreates expected behavior from virtru-sdk 3.x
* Allows setting userId query param to this recreate a bug in some virtru-sdks where this is set in other places
---
 cli/README.md | 1 +
 cli/package-lock.json | 16 ++++++++--------
 cli/src/cli.ts | 22 +++++++++++++++++-----
 lib/tdf3/src/tdf.ts | 6 ++++--
 web-app/package-lock.json | 16 ++++++++--------
 5 files changed, 38 insertions(+), 23 deletions(-)
diff --git a/cli/README.md b/cli/README.md
index 7ea5a80a..41483022 100644
--- a/cli/README.md
+++ b/cli/README.md
@@ -24,6 +24,7 @@ bin/opentdf.mjs \
 --oidcEndpoint http://localhost:65432/auth/realms/tdf \
 --auth tdf-client:123-456 \
 --containerType tdf3 \
+ --userId alice@somewhere.there \
 decrypt sample.tdf
 ```
diff --git a/cli/package-lock.json b/cli/package-lock.json
index 041a2e7f..5616e154 100644
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
@@ -1421,7 +1421,7 @@ "node_modules/@opentdf/client": { "version": "0.4.0", "resolved": "file:../lib/opentdf-client-0.4.0.tgz", - "integrity": "sha512-vvUOvgAvCbg8spk5YuEW0GCwFmFyIbz/M7Qg5kZRS195N8PnzjwvlAu3yN01jT8N0CVieBo0JNYgZBMdeQlsdg==", + "integrity": "sha512-wG5i0XozNWRipZMN51cNBgq0oiP28NFJ2egr2GzQbSyisFhEMS/7pL2g9lqDUipK1gFReSzkNZI1hFhJppYsIw==", "license": "BSD-3-Clause-Clear", "dependencies": { "@aws-sdk/client-s3": "3.197.0",
@@ -1908,9 +1908,9 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/axios": { - "version": "1.3.4", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.4.tgz", - "integrity": "sha512-toYm+Bsyl6VC5wSkfkbbNB6ROv7KY93PEBBL6xyDczaIHasAiv4wPqQ/c4RjoQzipxRD2W5g21cOqQulZ7rHwQ==", + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.5.tgz", + "integrity": "sha512-glL/PvG/E+xCWwV8S6nCHcrfg1exGx7vxyUIivIA1iL7BIh6bePylCfVHwp6k13ao7SATxB6imau2kqY+I67kw==", "dependencies": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0",
@@ -5744,7 +5744,7 @@ }, "@opentdf/client": { "version": "file:../lib/opentdf-client-0.4.0.tgz", - "integrity": "sha512-vvUOvgAvCbg8spk5YuEW0GCwFmFyIbz/M7Qg5kZRS195N8PnzjwvlAu3yN01jT8N0CVieBo0JNYgZBMdeQlsdg==", + "integrity": "sha512-wG5i0XozNWRipZMN51cNBgq0oiP28NFJ2egr2GzQbSyisFhEMS/7pL2g9lqDUipK1gFReSzkNZI1hFhJppYsIw==", "requires": { "@aws-sdk/client-s3": "3.197.0", "axios": "^1.2.3",
@@ -6104,9 +6104,9 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "axios": { - "version": "1.3.4", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.4.tgz", - "integrity": "sha512-toYm+Bsyl6VC5wSkfkbbNB6ROv7KY93PEBBL6xyDczaIHasAiv4wPqQ/c4RjoQzipxRD2W5g21cOqQulZ7rHwQ==", + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.5.tgz", + "integrity": "sha512-glL/PvG/E+xCWwV8S6nCHcrfg1exGx7vxyUIivIA1iL7BIh6bePylCfVHwp6k13ao7SATxB6imau2kqY+I67kw==", "requires": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0",
diff --git a/cli/src/cli.ts b/cli/src/cli.ts
index 185d2e29..1a3ff696 100644
--- a/cli/src/cli.ts
+++ b/cli/src/cli.ts
@@ -16,6 +16,7 @@ type AuthToProcess = {
 clientId?: string;
 clientSecret?: string;
 oidcEndpoint: string;
+ userId?: string;
 };
 const containerTypes = ['tdf3', 'nano', 'dataset'] as const;
@@ -27,7 +28,7 @@ const parseJwtComplete = (jwt: string) => {
 return { header: parseJwt(jwt, 0), payload: parseJwt(jwt) };
 };
-async function processAuth({ auth, clientId, clientSecret, oidcEndpoint }: AuthToProcess) {
+async function processAuth({ auth, clientId, clientSecret, oidcEndpoint, userId }: AuthToProcess) {
 log('DEBUG', 'Processing auth params');
 if (auth) {
 log('DEBUG', 'Processing an auth string');
@@ -57,10 +58,15 @@ async function processAuth({ auth, clientId, clientSecret, oidcEndpoint }: AuthT
 log('DEBUG', `updateClientPublicKey: [${clientPubkey}] [${signingKey?.publicKey}]`);
 },
 withCreds: async (httpReq: AuthProviders.HttpRequest) => {
- const creds = await actual.withCreds(httpReq);
- log('DEBUG', `HTTP Requesting: ${JSON.stringify(creds)}`);
- requestLog.push(creds);
- return creds;
+ const credible = await actual.withCreds(httpReq);
+ if (userId) {
+ const url = new URL(credible.url);
+ url.searchParams.set('userId', userId);
+ credible.url = url.href;
+ }
+ log('DEBUG', `HTTP Requesting: ${JSON.stringify(credible)}`);
+ requestLog.push(credible);
+ return credible;
 },
 };
 }
@@ -171,6 +177,12 @@ export const handleArgs = (args: string[]) => {
 default: 'nano',
 })
+ .option('userId', {
+ group: 'TDF Settings',
+ type: 'string',
+ description: 'Owner email address',
+ })
+
 // Examples
 .example('$0 --auth ClientID123:Cli3nt$ecret', '# OIDC client credentials')
diff --git a/lib/tdf3/src/tdf.ts b/lib/tdf3/src/tdf.ts
index 4d625948..cda3b325 100644
--- a/lib/tdf3/src/tdf.ts
+++ b/lib/tdf3/src/tdf.ts
@@ -516,7 +516,9 @@ export class TDF extends EventEmitter {
 const httpReq = await this.authProvider.withCreds(this.buildRequest('POST', url, body));
 try {
- const response = await axios.post(url, httpReq.body, { headers: httpReq.headers });
+ const response = await axios.post(httpReq.url, httpReq.body, {
+ headers: httpReq.headers,
+ });
 // Remove additional properties which were needed to sync, but not that we want to save to
 // the manifest
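Review bot: In cli/src/cli.ts the `withCreds` wrapper still writes the entire post-`withCreds` request to the DEBUG log via `JSON.stringify(credible)` and keeps it in `requestLog`; that object presumably carries the Authorization header the provider just attached, and after this change also the user's email in the URL. Logging only what tracing needs, e.g. `log('DEBUG', 'HTTP Requesting: ' + credible.url);`, or redacting `credible.headers` before stringifying, keeps tokens out of terminal scrollback and CI logs. Note also that `userId` is set after the provider has finished, so it is a client-asserted value that the credentials do not cover and the receiving service should not treat it as proof of identity. `new URL(credible.url)` will throw if a provider ever returns a relative URL; `processAuth` starts outside this hunk.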
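Review bot: The help text `description: 'Owner email address'` on the new `userId` option in cli/src/cli.ts does not say what the flag does with the value: per the `withCreds` change in the same file it is appended as a `userId` query parameter to every request the auth provider decorates. Because that places an email address in request URLs, which commonly end up in proxy and server access logs, I would spell it out, e.g. `description: 'Email sent as the userId query parameter on authenticated requests (legacy virtru-sdk compatibility)'`. The `handleArgs` builder chain continues outside the hunk, and the diff shows no call-site change, so presumably `processAuth` receives the parsed argv wholesale; worth confirming the flag actually reaches it.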
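Review bot: `axios.post(httpReq.url, ...)` in the upsert path of lib/tdf3/src/tdf.ts now sends the request body and the credentialed headers to whatever URL the auth provider returns, with no check that it still points at the KAS the caller configured; the rewrap call in the `@@ -855` hunk has the same gap. If the intent is only to allow added query parameters, a guard before the post such as `if (new URL(httpReq.url).origin !== new URL(url).origin) throw new Error('auth provider changed request origin');` keeps a misbehaving or misconfigured provider from steering key material and bearer tokens to another host. This assumes `url` is absolute at that point, which the hunk does not show. Both enclosing methods start and end outside their hunks.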
@@ -855,7 +857,7 @@ export class TDF extends EventEmitter {
 // The response from KAS on a rewrap
 const {
 data: { entityWrappedKey, metadata },
- } = await axios.post(url, httpReq.body, { headers: httpReq.headers });
+ } = await axios.post(httpReq.url, httpReq.body, { headers: httpReq.headers });
 responseMetadata = metadata;
 const key = Binary.fromString(base64.decode(entityWrappedKey));
 const decryptedKeyBinary = await cryptoService.decryptWithPrivateKey(
diff --git a/web-app/package-lock.json b/web-app/package-lock.json
index ef42e0dd..e49e153a 100644
--- a/web-app/package-lock.json
+++ b/web-app/package-lock.json
@@ -2168,7 +2168,7 @@ "node_modules/@opentdf/client": { "version": "0.4.0", "resolved": "file:../lib/opentdf-client-0.4.0.tgz", - "integrity": "sha512-vvUOvgAvCbg8spk5YuEW0GCwFmFyIbz/M7Qg5kZRS195N8PnzjwvlAu3yN01jT8N0CVieBo0JNYgZBMdeQlsdg==", + "integrity": "sha512-wG5i0XozNWRipZMN51cNBgq0oiP28NFJ2egr2GzQbSyisFhEMS/7pL2g9lqDUipK1gFReSzkNZI1hFhJppYsIw==", "license": "BSD-3-Clause-Clear", "dependencies": { "@aws-sdk/client-s3": "3.197.0",
@@ -2654,9 +2654,9 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/axios": { - "version": "1.3.4", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.4.tgz", - "integrity": "sha512-toYm+Bsyl6VC5wSkfkbbNB6ROv7KY93PEBBL6xyDczaIHasAiv4wPqQ/c4RjoQzipxRD2W5g21cOqQulZ7rHwQ==", + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.5.tgz", + "integrity": "sha512-glL/PvG/E+xCWwV8S6nCHcrfg1exGx7vxyUIivIA1iL7BIh6bePylCfVHwp6k13ao7SATxB6imau2kqY+I67kw==", "dependencies": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0",
@@ -7259,7 +7259,7 @@ }, "@opentdf/client": { "version": "file:../lib/opentdf-client-0.4.0.tgz", - "integrity": "sha512-vvUOvgAvCbg8spk5YuEW0GCwFmFyIbz/M7Qg5kZRS195N8PnzjwvlAu3yN01jT8N0CVieBo0JNYgZBMdeQlsdg==", + "integrity": "sha512-wG5i0XozNWRipZMN51cNBgq0oiP28NFJ2egr2GzQbSyisFhEMS/7pL2g9lqDUipK1gFReSzkNZI1hFhJppYsIw==", "requires": { "@aws-sdk/client-s3": "3.197.0", "axios": "^1.2.3",
@@ -7581,9 +7581,9 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "axios": { - "version": "1.3.4", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.4.tgz", - "integrity": "sha512-toYm+Bsyl6VC5wSkfkbbNB6ROv7KY93PEBBL6xyDczaIHasAiv4wPqQ/c4RjoQzipxRD2W5g21cOqQulZ7rHwQ==", + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.5.tgz", + "integrity": "sha512-glL/PvG/E+xCWwV8S6nCHcrfg1exGx7vxyUIivIA1iL7BIh6bePylCfVHwp6k13ao7SATxB6imau2kqY+I67kw==", "requires": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0",