"use strict";
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare every export as undefined. The statements are listed in the
// order in which the properties are created on `exports`, so key order is
// stable; the real values are assigned next to each class definition below.
exports.ExecutableResponse = undefined;
exports.ExecutableResponseError = undefined;
exports.InvalidVersionFieldError = undefined;
exports.InvalidSuccessFieldError = undefined;
exports.InvalidExpirationTimeFieldError = undefined;
exports.InvalidTokenTypeFieldError = undefined;
exports.InvalidCodeFieldError = undefined;
exports.InvalidMessageFieldError = undefined;
exports.InvalidSubjectTokenError = undefined;
// The only subject token types a successful executable response may declare.
// One SAML type and two OIDC types; the constructor of ExecutableResponse
// rejects any other value of 'token_type'.
const SAML_SUBJECT_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:saml2';
const OIDC_SUBJECT_TOKEN_TYPE1 = 'urn:ietf:params:oauth:token-type:id_token';
const OIDC_SUBJECT_TOKEN_TYPE2 = 'urn:ietf:params:oauth:token-type:jwt';
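/**
 * Defines the response of a 3rd party executable run by the pluggable auth client.
 *
 * Every field comes from JSON produced outside this process (a run of the
 * executable or a cached output file), so nothing here should be read as
 * already validated beyond the checks the constructor performs.
 */
class ExecutableResponse {
    /**
     * Instantiates an ExecutableResponse instance using the provided JSON object
     * from the output of the executable.
     *
     * Checks performed: 'version' and 'success' must be present; a successful
     * response must carry an allowed 'token_type' and the matching token field
     * ('saml_response' or 'id_token'); an unsuccessful response must carry both
     * 'code' and 'message'. 'expiration_time' is copied as-is and is not
     * validated here.
     *
     * @param responseJson Response from a 3rd party executable, loaded from a
     * run of the executable or a cached output file.
     * @throws InvalidVersionFieldError when 'version' is missing or falsy.
     * @throws InvalidSuccessFieldError when 'success' is undefined.
     * @throws InvalidTokenTypeFieldError when a successful response declares a
     * token type other than the three allowed ones.
     * @throws InvalidSubjectTokenError when the token field matching the
     * declared token type is missing or empty.
     * @throws InvalidCodeFieldError when an unsuccessful response has no 'code'.
     * @throws InvalidMessageFieldError when an unsuccessful response has no 'message'.
     */
    constructor(responseJson) {
        // Check that the required fields exist in the json response.
        if (!responseJson.version) {
            throw new InvalidVersionFieldError("Executable response must contain a 'version' field.");
        }
        if (responseJson.success === undefined) {
            throw new InvalidSuccessFieldError("Executable response must contain a 'success' field.");
        }
        this.version = responseJson.version;
        // NOTE(review): only presence is checked, so a truthy non-boolean value
        // (for example the string "false") takes the success branch below.
        // Confirm that the producer of this JSON always emits a real boolean.
        this.success = responseJson.success;
        // Validate required fields for a successful response.
        if (this.success) {
            this.expirationTime = responseJson.expiration_time;
            this.tokenType = responseJson.token_type;
            // Validate token type field against the allow-list of three types.
            if (this.tokenType !== SAML_SUBJECT_TOKEN_TYPE &&
                this.tokenType !== OIDC_SUBJECT_TOKEN_TYPE1 &&
                this.tokenType !== OIDC_SUBJECT_TOKEN_TYPE2) {
                throw new InvalidTokenTypeFieldError("Executable response must contain a 'token_type' field when successful " +
                    `and it must be one of ${OIDC_SUBJECT_TOKEN_TYPE1}, ${OIDC_SUBJECT_TOKEN_TYPE2}, or ${SAML_SUBJECT_TOKEN_TYPE}.`);
            }
            // Validate subject token: the field read depends on the token type.
            if (this.tokenType === SAML_SUBJECT_TOKEN_TYPE) {
                if (!responseJson.saml_response) {
                    throw new InvalidSubjectTokenError(`Executable response must contain a 'saml_response' field when token_type=${SAML_SUBJECT_TOKEN_TYPE}.`);
                }
                this.subjectToken = responseJson.saml_response;
            }
            else {
                if (!responseJson.id_token) {
                    throw new InvalidSubjectTokenError("Executable response must contain a 'id_token' field when " +
                        `token_type=${OIDC_SUBJECT_TOKEN_TYPE1} or ${OIDC_SUBJECT_TOKEN_TYPE2}.`);
                }
                this.subjectToken = responseJson.id_token;
            }
        }
        else {
            // Both code and message must be provided for unsuccessful responses.
            if (!responseJson.code) {
                throw new InvalidCodeFieldError("Executable response must contain a 'code' field when unsuccessful.");
            }
            if (!responseJson.message) {
                throw new InvalidMessageFieldError("Executable response must contain a 'message' field when unsuccessful.");
            }
            this.errorCode = responseJson.code;
            this.errorMessage = responseJson.message;
        }
    }
    /**
     * @return Whether the response has a usable token: false when the response
     * is expired, otherwise the stored 'success' value.
     */
    isValid() {
        return !this.isExpired() && this.success;
    }
    /**
     * @return A boolean representing if the response is expired. Returns false
     * when no expiration time was provided, and true when the provided time has
     * passed or cannot be interpreted as a number.
     */
    isExpired() {
        if (this.expirationTime === undefined) {
            return false;
        }
        // Number() applies the same conversion the `<` operator would.
        const expiresAtSeconds = Number(this.expirationTime);
        // Fail closed: comparing NaN with anything is false, so without this
        // check a malformed 'expiration_time' would make the response look
        // permanently unexpired and isValid() would keep accepting it.
        if (Number.isNaN(expiresAtSeconds)) {
            return true;
        }
        // Date.now() is in milliseconds; the comparison is made in whole seconds.
        return expiresAtSeconds < Math.round(Date.now() / 1000);
    }
}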
// Publish the class under the export name pre-declared at the top of the module.
exports.ExecutableResponse = ExecutableResponse;
/**
 * Common base class for the errors raised while validating an executable
 * response; every more specific error in this module extends it.
 */
class ExecutableResponseError extends Error {
    /**
     * @param message Description of what was wrong with the response.
     */
    constructor(message) {
        super(message);
        // Point the instance at the prototype of the class named in the `new`
        // expression (presumably so `instanceof` holds for subclasses on
        // targets where extending Error loses the prototype chain).
        const concretePrototype = new.target.prototype;
        Object.setPrototypeOf(this, concretePrototype);
    }
}
// Publish the base error class under the export name pre-declared at the top of the module.
exports.ExecutableResponseError = ExecutableResponseError;
/**
 * Signals that the 'version' field of an executable response is missing or
 * invalid. Adds no behaviour of its own; the type alone identifies the field.
 */
class InvalidVersionFieldError extends ExecutableResponseError {}
exports.InvalidVersionFieldError = InvalidVersionFieldError;
/**
 * Signals that the 'success' field of an executable response is missing or
 * invalid. Adds no behaviour of its own; the type alone identifies the field.
 */
class InvalidSuccessFieldError extends ExecutableResponseError {}
exports.InvalidSuccessFieldError = InvalidSuccessFieldError;
/**
 * Signals that the 'expiration_time' field of an executable response is
 * missing or invalid. Nothing in the code shown here throws it, so it is
 * presumably raised by the code that consumes ExecutableResponse.
 */
class InvalidExpirationTimeFieldError extends ExecutableResponseError {}
exports.InvalidExpirationTimeFieldError = InvalidExpirationTimeFieldError;
/**
 * Signals that the 'token_type' field of an executable response is missing or
 * invalid, i.e. not one of the subject token types this module accepts.
 */
class InvalidTokenTypeFieldError extends ExecutableResponseError {}
exports.InvalidTokenTypeFieldError = InvalidTokenTypeFieldError;
/**
 * Signals that the 'code' field of an executable response is missing or
 * invalid. Adds no behaviour of its own; the type alone identifies the field.
 */
class InvalidCodeFieldError extends ExecutableResponseError {}
exports.InvalidCodeFieldError = InvalidCodeFieldError;
/**
 * Signals that the 'message' field of an executable response is missing or
 * invalid. Adds no behaviour of its own; the type alone identifies the field.
 */
class InvalidMessageFieldError extends ExecutableResponseError {}
exports.InvalidMessageFieldError = InvalidMessageFieldError;
/**
 * Signals that the subject token of an executable response is missing or
 * invalid ('saml_response' or 'id_token', depending on the token type).
 */
class InvalidSubjectTokenError extends ExecutableResponseError {}
exports.InvalidSubjectTokenError = InvalidSubjectTokenError;