From de2f1dee23dcebca8f1c1a866d14a9ba5078e1c9 Mon Sep 17 00:00:00 2001 From: Arpit Khanna Date: Thu, 16 Mar 2023 18:29:37 +0530 Subject: [PATCH] fix(chore): fixing sonar smells resolving sonar smells to improve quality gate GH-142 --- .../apple-auth-strategy-factory-provider.ts | 66 +++++----- .../azuread-auth-strategy-factory-provider.ts | 119 +++++++++--------- .../bearer-strategy-factory-provider.ts | 66 +++++----- ...ient-password-strategy-factory-provider.ts | 102 ++++++++------- .../client-password-verify.provider.ts | 4 +- .../cognito-auth-strategy-factory-provider.ts | 55 ++++---- ...facebook-auth-strategy-factory-provider.ts | 51 ++++---- .../google-auth-strategy-factory-provider.ts | 53 ++++---- .../insta-auth-strategy-factory-provider.ts | 51 ++++---- .../insta-auth-verify.provider.ts | 4 +- .../keycloak-strategy-factory-provider.ts | 2 + .../keycloak-verify.provider.ts | 4 +- ...ocal-password-strategy-factory-provider.ts | 109 ++++++++-------- .../local-password-verify.provider.ts | 4 +- .../passport/passport-otp/otp-auth.ts | 13 +- ...esource-owner-strategy-factory-provider.ts | 59 +++++---- .../resource-owner-verify.provider.ts | 4 +- src/strategy-adapter.ts | 2 +- 18 files changed, 399 insertions(+), 369 deletions(-) diff --git a/src/strategies/passport/passport-apple-oauth2/apple-auth-strategy-factory-provider.ts b/src/strategies/passport/passport-apple-oauth2/apple-auth-strategy-factory-provider.ts index 5e20745..8818c52 100644 --- a/src/strategies/passport/passport-apple-oauth2/apple-auth-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-apple-oauth2/apple-auth-strategy-factory-provider.ts @@ -1,19 +1,20 @@ import {inject, Provider} from '@loopback/core'; import {HttpErrors, Request} from '@loopback/rest'; import {HttpsProxyAgent} from 'https-proxy-agent'; +import {AnyObject} from '@loopback/repository'; + import { Profile, AuthenticateOptions, AuthenticateOptionsWithRequest, VerifyCallback, - DecodedIdToken, + Strategy, } from 'passport-apple'; import {AuthErrorKeys} from '../../../error-keys'; import {Strategies} from '../../keys'; import {VerifyFunction} from '../../types'; -import Strategy from 'passport-apple'; export interface AppleAuthStrategyFactory { ( options: AuthenticateOptions | AuthenticateOptionsWithRequest, @@ -40,38 +41,36 @@ export class AppleAuthStrategyFactoryProvider ): Strategy { const verifyFn = verifierPassed ?? this.verifierAppleAuth; let strategy; + const func = async ( + req: Request, + accessToken: string, + refreshToken: string, + decodedIdToken: string, + profile: Profile, + cb: VerifyCallback, + ) => { + try { + const user = await verifyFn( + accessToken, + refreshToken, + decodedIdToken, + profile, + cb, + req, + ); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + cb(undefined, user); + } catch (err) { + cb(err); + } + }; if (options && options.passReqToCallback === true) { strategy = new Strategy( options, - // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - req: Request, - accessToken: string, - refreshToken: string, - decodedIdToken: DecodedIdToken, - profile: Profile, - cb: VerifyCallback, - ) => { - try { - const user = await verifyFn( - accessToken, - refreshToken, - decodedIdToken, - profile, - cb, - req, - ); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - cb(undefined, user); - } catch (err) { - cb(err); - } - }, + func, ); } else { strategy = new Strategy( @@ -80,7 +79,7 @@ export class AppleAuthStrategyFactoryProvider async ( accessToken: string, refreshToken: string, - decodedIdToken: DecodedIdToken, + decodedIdToken: string, profile: Profile, cb: VerifyCallback, ) => { @@ -109,8 +108,7 @@ export class AppleAuthStrategyFactoryProvider return strategy; } - // eslint-disable-next-line @typescript-eslint/no-explicit-any - private _setupProxy(strategy: any) { + private _setupProxy(strategy: AnyObject) { // Setup proxy if any let httpsProxyAgent; if (process.env['https_proxy']) { @@ -119,6 +117,8 @@ export class AppleAuthStrategyFactoryProvider } else if (process.env['HTTPS_PROXY']) { httpsProxyAgent = new HttpsProxyAgent(process.env['HTTPS_PROXY']); strategy._oauth2.setAgent(httpsProxyAgent); + } else { + //this is intentional } } } diff --git a/src/strategies/passport/passport-azure-ad/azuread-auth-strategy-factory-provider.ts b/src/strategies/passport/passport-azure-ad/azuread-auth-strategy-factory-provider.ts index d655697..0db2fa2 100644 --- a/src/strategies/passport/passport-azure-ad/azuread-auth-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-azure-ad/azuread-auth-strategy-factory-provider.ts @@ -31,6 +31,61 @@ export class AzureADAuthStrategyFactoryProvider return (options, verifier) => this.getAzureADAuthStrategyVerifier(options, verifier); } + oidcFunctionVerifier1(verifyFn: VerifyFunction.AzureADAuthFn) { + return async ( + req: Request, + iss: string, + sub: string, + profile: IProfile, + accessToken: string, + refreshToken: string, + done: VerifyCallback, + ) => { + if (!profile.oid) { + return done(new Error('No oid found'), null); + } + + try { + const user = await verifyFn( + accessToken, + refreshToken, + profile, + done, + req, + ); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + done(null, user); + } catch (err) { + done(err); + } + }; + } + oidcFunctionVerifier2(verifyFn: VerifyFunction.AzureADAuthFn) { + return async ( + iss: string, + sub: string, + profile: IProfile, + accessToken: string, + refreshToken: string, + done: VerifyCallback, + ) => { + if (!profile.oid) { + return done(new Error('No oid found'), null); + } + + try { + const user = await verifyFn(accessToken, refreshToken, profile, done); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + done(null, user); + } catch (err) { + done(err); + } + }; + } getAzureADAuthStrategyVerifier( options: IOIDCStrategyOptionWithoutRequest | IOIDCStrategyOptionWithRequest, @@ -40,74 +95,14 @@ export class AzureADAuthStrategyFactoryProvider if (options && options.passReqToCallback === true) { return new OIDCStrategy( options, - // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - req: Request, - iss: string, - sub: string, - profile: IProfile, - accessToken: string, - refreshToken: string, - done: VerifyCallback, - ) => { - if (!profile.oid) { - return done(new Error('No oid found'), null); - } - - try { - const user = await verifyFn( - accessToken, - refreshToken, - profile, - done, - req, - ); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - done(null, user); - } catch (err) { - done(err); - } - }, + this.oidcFunctionVerifier1(verifyFn), ); } else if (options && options.passReqToCallback === false) { return new OIDCStrategy( options, - // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - iss: string, - sub: string, - profile: IProfile, - accessToken: string, - refreshToken: string, - done: VerifyCallback, - ) => { - if (!profile.oid) { - return done(new Error('No oid found'), null); - } - - try { - const user = await verifyFn( - accessToken, - refreshToken, - profile, - done, - ); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - done(null, user); - } catch (err) { - done(err); - } - }, + this.oidcFunctionVerifier2(verifyFn), ); } else { throw new Error('Invalid value for passReqToCallback'); diff --git a/src/strategies/passport/passport-bearer/bearer-strategy-factory-provider.ts b/src/strategies/passport/passport-bearer/bearer-strategy-factory-provider.ts index ccd3d18..ca7fc04 100644 --- a/src/strategies/passport/passport-bearer/bearer-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-bearer/bearer-strategy-factory-provider.ts @@ -28,6 +28,40 @@ export class BearerStrategyFactoryProvider this.getBearerStrategyVerifier(options, verifier); } + getBearerStrategyVerifier1(verifyFn: VerifyFunction.BearerFn) { + return async ( + req: Request, + token: string, + cb: (err: Error | null, user?: IAuthUser | false) => void, + ) => { + try { + const user = await verifyFn(token, req); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.TokenInvalid); + } + cb(null, user); + } catch (err) { + cb(err); + } + }; + } + + getBearerStrategyVerifier2(verifyFn: VerifyFunction.BearerFn) { + return async ( + token: string, + cb: (err: Error | null, user?: IAuthUser | false) => void, + ) => { + try { + const user = await verifyFn(token); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.TokenInvalid); + } + cb(null, user); + } catch (err) { + cb(err); + } + }; + } getBearerStrategyVerifier( options?: PassportBearer.IStrategyOptions, verifierPassed?: VerifyFunction.BearerFn, @@ -37,41 +71,13 @@ export class BearerStrategyFactoryProvider return new PassportBearer.Strategy( options, // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - req: Request, - token: string, - cb: (err: Error | null, user?: IAuthUser | false) => void, - ) => { - try { - const user = await verifyFn(token, req); - if (!user) { - throw new HttpErrors.Unauthorized(AuthErrorKeys.TokenInvalid); - } - cb(null, user); - } catch (err) { - cb(err); - } - }, + this.getBearerStrategyVerifier1(verifyFn), ); } else if (!!options && !isEmpty(options)) { return new PassportBearer.Strategy( options, - // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - token: string, - cb: (err: Error | null, user?: IAuthUser | false) => void, - ) => { - try { - const user = await verifyFn(token); - if (!user) { - throw new HttpErrors.Unauthorized(AuthErrorKeys.TokenInvalid); - } - cb(null, user); - } catch (err) { - cb(err); - } - }, + this.getBearerStrategyVerifier2(verifyFn), ); } else { return new PassportBearer.Strategy( diff --git a/src/strategies/passport/passport-client-password/client-password-strategy-factory-provider.ts b/src/strategies/passport/passport-client-password/client-password-strategy-factory-provider.ts index 7505280..65b195e 100644 --- a/src/strategies/passport/passport-client-password/client-password-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-client-password/client-password-strategy-factory-provider.ts @@ -26,66 +26,76 @@ export class ClientPasswordStrategyFactoryProvider return (options, verifier) => this.getClientPasswordVerifier(options, verifier); } + getClientPasswordVerifier1(verifyFn: VerifyFunction.OauthClientPasswordFn) { + return async ( + req: Request, + clientId: string, + clientSecret: string, + cb: (err: Error | null, client?: IAuthClient | false) => void, + ) => { + try { + const client = await verifyFn(clientId, clientSecret, req); + if (!client) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.ClientInvalid); + } else if ( + !client.clientSecret || + client.clientSecret !== clientSecret + ) { + throw new HttpErrors.Unauthorized( + AuthErrorKeys.ClientVerificationFailed, + ); + } else { + //this is intentional + } + cb(null, client); + } catch (err) { + cb(err); + } + }; + } + getClientPasswordVerifier2(verifyFn: VerifyFunction.OauthClientPasswordFn) { + return async ( + clientId: string, + clientSecret: string, + cb: (err: Error | null, client?: IAuthClient | false) => void, + ) => { + try { + const client = await verifyFn(clientId, clientSecret); + if (!client) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.ClientInvalid); + } else if ( + !client.clientSecret || + client.clientSecret !== clientSecret + ) { + throw new HttpErrors.Unauthorized( + AuthErrorKeys.ClientVerificationFailed, + ); + } else { + //this is intentional + } + cb(null, client); + } catch (err) { + cb(err); + } + }; + } getClientPasswordVerifier( options?: ClientPasswordStrategy.StrategyOptionsWithRequestInterface, verifierPassed?: VerifyFunction.OauthClientPasswordFn, ): ClientPasswordStrategy.Strategy { const verifyFn = verifierPassed ?? this.verifier; + if (options?.passReqToCallback) { return new ClientPasswordStrategy.Strategy( options, - // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - req: Request, - clientId: string, - clientSecret: string, - cb: (err: Error | null, client?: IAuthClient | false) => void, - ) => { - try { - const client = await verifyFn(clientId, clientSecret, req); - if (!client) { - throw new HttpErrors.Unauthorized(AuthErrorKeys.ClientInvalid); - } else if ( - !client.clientSecret || - client.clientSecret !== clientSecret - ) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.ClientVerificationFailed, - ); - } - cb(null, client); - } catch (err) { - cb(err); - } - }, + this.getClientPasswordVerifier1(verifyFn), ); } else { return new ClientPasswordStrategy.Strategy( // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - clientId: string, - clientSecret: string, - cb: (err: Error | null, client?: IAuthClient | false) => void, - ) => { - try { - const client = await verifyFn(clientId, clientSecret); - if (!client) { - throw new HttpErrors.Unauthorized(AuthErrorKeys.ClientInvalid); - } else if ( - !client.clientSecret || - client.clientSecret !== clientSecret - ) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.ClientVerificationFailed, - ); - } - cb(null, client); - } catch (err) { - cb(err); - } - }, + this.getClientPasswordVerifier2(verifyFn), ); } } diff --git a/src/strategies/passport/passport-client-password/client-password-verify.provider.ts b/src/strategies/passport/passport-client-password/client-password-verify.provider.ts index 9618a8f..8103453 100644 --- a/src/strategies/passport/passport-client-password/client-password-verify.provider.ts +++ b/src/strategies/passport/passport-client-password/client-password-verify.provider.ts @@ -11,7 +11,9 @@ import {VerifyFunction} from '../../types'; export class ClientPasswordVerifyProvider implements Provider { - constructor() {} + constructor() { + //this is intentional + } value(): VerifyFunction.OauthClientPasswordFn { return async (clientId: string, clientSecret: string) => { diff --git a/src/strategies/passport/passport-cognito-oauth2/cognito-auth-strategy-factory-provider.ts b/src/strategies/passport/passport-cognito-oauth2/cognito-auth-strategy-factory-provider.ts index 7cd4ae7..12b1c98 100644 --- a/src/strategies/passport/passport-cognito-oauth2/cognito-auth-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-cognito-oauth2/cognito-auth-strategy-factory-provider.ts @@ -32,37 +32,32 @@ export class CognitoStrategyFactoryProvider verifierPassed?: VerifyFunction.CognitoAuthFn, ): typeof CognitoStrategy { const verifyFn = verifierPassed ?? this.verifierCognito; + const func = async ( + req: Request, + accessToken: string, + refreshToken: string, + profile: Cognito.Profile, + cb: Cognito.VerifyCallback, + ) => { + try { + const user = await verifyFn( + accessToken, + refreshToken, + profile, + cb, + req, + ); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + cb(undefined, user); + } catch (err) { + cb(err); + } + }; let strategy; if (options && options.passReqToCallback === true) { - strategy = new CognitoStrategy( - options, - - async ( - req: Request, - accessToken: string, - refreshToken: string, - profile: Cognito.Profile, - cb: Cognito.VerifyCallback, - ) => { - try { - const user = await verifyFn( - accessToken, - refreshToken, - profile, - cb, - req, - ); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - cb(undefined, user); - } catch (err) { - cb(err); - } - }, - ); + strategy = new CognitoStrategy(options, func); } else { strategy = new CognitoStrategy( options, @@ -100,6 +95,8 @@ export class CognitoStrategyFactoryProvider } else if (process.env['HTTPS_PROXY']) { httpsProxyAgent = new HttpsProxyAgent(process.env['HTTPS_PROXY']); strategy._oauth2.setAgent(httpsProxyAgent); + } else { + //this is intentional } } } diff --git a/src/strategies/passport/passport-facebook-oauth2/facebook-auth-strategy-factory-provider.ts b/src/strategies/passport/passport-facebook-oauth2/facebook-auth-strategy-factory-provider.ts index 1118119..1e55919 100644 --- a/src/strategies/passport/passport-facebook-oauth2/facebook-auth-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-facebook-oauth2/facebook-auth-strategy-factory-provider.ts @@ -41,36 +41,35 @@ export class FacebookAuthStrategyFactoryProvider verifierPassed?: VerifyFunction.FacebookAuthFn, ): Strategy { const verifyFn = verifierPassed ?? this.verifierFacebookAuth; + const func = async ( + req: Request, + accessToken: string, + refreshToken: string, + profile: Profile, + cb: VerifyCallback, + ) => { + try { + const user = await verifyFn( + accessToken, + refreshToken, + profile, + cb, + req, + ); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + cb(undefined, user); + } catch (err) { + cb(err); + } + }; let strategy; if (options && options.passReqToCallback === true) { strategy = new Strategy( options, // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - req: Request, - accessToken: string, - refreshToken: string, - profile: Profile, - cb: VerifyCallback, - ) => { - try { - const user = await verifyFn( - accessToken, - refreshToken, - profile, - cb, - req, - ); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - cb(undefined, user); - } catch (err) { - cb(err); - } - }, + func, ); } else { strategy = new Strategy( @@ -111,6 +110,8 @@ export class FacebookAuthStrategyFactoryProvider } else if (process.env['HTTPS_PROXY']) { httpsProxyAgent = new HttpsProxyAgent(process.env['HTTPS_PROXY']); strategy._oauth2.setAgent(httpsProxyAgent); + } else { + //this is intentional } } } diff --git a/src/strategies/passport/passport-google-oauth2/google-auth-strategy-factory-provider.ts b/src/strategies/passport/passport-google-oauth2/google-auth-strategy-factory-provider.ts index ac2d129..bf0c366 100644 --- a/src/strategies/passport/passport-google-oauth2/google-auth-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-google-oauth2/google-auth-strategy-factory-provider.ts @@ -13,7 +13,6 @@ import {AuthErrorKeys} from '../../../error-keys'; import {Strategies} from '../../keys'; import {VerifyFunction} from '../../types'; -//import * as GoogleStrategy from 'passport-google-oauth20'; export interface GoogleAuthStrategyFactory { ( options: StrategyOptions | StrategyOptionsWithRequest, @@ -39,37 +38,35 @@ export class GoogleAuthStrategyFactoryProvider verifierPassed?: VerifyFunction.GoogleAuthFn, ): Strategy { const verifyFn = verifierPassed ?? this.verifierGoogleAuth; + const func = async ( + req: Request, + accessToken: string, + refreshToken: string, + profile: Profile, + cb: VerifyCallback, + ) => { + try { + const user = await verifyFn( + accessToken, + refreshToken, + profile, + cb, + req, + ); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + cb(undefined, user); + } catch (err) { + cb(err); + } + }; let strategy; if (options && options.passReqToCallback === true) { strategy = new Strategy( options, - // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - req: Request, - accessToken: string, - refreshToken: string, - profile: Profile, - cb: VerifyCallback, - ) => { - try { - const user = await verifyFn( - accessToken, - refreshToken, - profile, - cb, - req, - ); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - cb(undefined, user); - } catch (err) { - cb(err); - } - }, + func, ); } else { strategy = new Strategy( @@ -110,6 +107,8 @@ export class GoogleAuthStrategyFactoryProvider } else if (process.env['HTTPS_PROXY']) { httpsProxyAgent = new HttpsProxyAgent(process.env['HTTPS_PROXY']); strategy._oauth2.setAgent(httpsProxyAgent); + } else { + //this is intentional } } } diff --git a/src/strategies/passport/passport-insta-oauth2/insta-auth-strategy-factory-provider.ts b/src/strategies/passport/passport-insta-oauth2/insta-auth-strategy-factory-provider.ts index 5322f47..a219f8b 100644 --- a/src/strategies/passport/passport-insta-oauth2/insta-auth-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-insta-oauth2/insta-auth-strategy-factory-provider.ts @@ -37,36 +37,35 @@ export class InstagramAuthStrategyFactoryProvider verifierPassed?: VerifyFunction.InstagramAuthFn, ): Strategy { const verifyFn = verifierPassed ?? this.verifierInstagramAuth; + const func = async ( + req: Request, + accessToken: string, + refreshToken: string, + profile: Profile, + cb: VerifyCallback, + ) => { + try { + const user = await verifyFn( + accessToken, + refreshToken, + profile, + cb, + req, + ); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + cb(undefined, user); + } catch (err) { + cb(err); + } + }; let strategy; if (options && options.passReqToCallback === true) { strategy = new Strategy( options, // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - req: Request, - accessToken: string, - refreshToken: string, - profile: Profile, - cb: VerifyCallback, - ) => { - try { - const user = await verifyFn( - accessToken, - refreshToken, - profile, - cb, - req, - ); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - cb(undefined, user); - } catch (err) { - cb(err); - } - }, + func, ); } else { strategy = new Strategy( @@ -107,6 +106,8 @@ export class InstagramAuthStrategyFactoryProvider } else if (process.env['HTTPS_PROXY']) { httpsProxyAgent = new HttpsProxyAgent(process.env['HTTPS_PROXY']); strategy._oauth2.setAgent(httpsProxyAgent); + } else { + //this is intentional } } } diff --git a/src/strategies/passport/passport-insta-oauth2/insta-auth-verify.provider.ts b/src/strategies/passport/passport-insta-oauth2/insta-auth-verify.provider.ts index b9aa9fe..0bcdbf4 100644 --- a/src/strategies/passport/passport-insta-oauth2/insta-auth-verify.provider.ts +++ b/src/strategies/passport/passport-insta-oauth2/insta-auth-verify.provider.ts @@ -10,7 +10,9 @@ import {VerifyCallback, VerifyFunction} from '../../types'; export class InstagramAuthVerifyProvider implements Provider { - constructor() {} + constructor() { + //this is intentional + } value(): VerifyFunction.InstagramAuthFn { return async ( diff --git a/src/strategies/passport/passport-keycloak/keycloak-strategy-factory-provider.ts b/src/strategies/passport/passport-keycloak/keycloak-strategy-factory-provider.ts index 210e37a..d423f37 100644 --- a/src/strategies/passport/passport-keycloak/keycloak-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-keycloak/keycloak-strategy-factory-provider.ts @@ -127,6 +127,8 @@ export class KeycloakStrategyFactoryProvider } else if (process.env['HTTPS_PROXY']) { httpsProxyAgent = new HttpsProxyAgent(process.env['HTTPS_PROXY']); strategy._oauth2.setAgent(httpsProxyAgent); + } else { + //this is intentional } } } diff --git a/src/strategies/passport/passport-keycloak/keycloak-verify.provider.ts b/src/strategies/passport/passport-keycloak/keycloak-verify.provider.ts index 3a882e1..dc76d78 100644 --- a/src/strategies/passport/passport-keycloak/keycloak-verify.provider.ts +++ b/src/strategies/passport/passport-keycloak/keycloak-verify.provider.ts @@ -11,7 +11,9 @@ import {Keycloak, VerifyFunction} from '../../types'; export class KeycloakVerifyProvider implements Provider { - constructor() {} + constructor() { + //this is intentional + } value(): VerifyFunction.KeycloakAuthFn { return async ( diff --git a/src/strategies/passport/passport-local/local-password-strategy-factory-provider.ts b/src/strategies/passport/passport-local/local-password-strategy-factory-provider.ts index 88693f8..dde32c1 100644 --- a/src/strategies/passport/passport-local/local-password-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-local/local-password-strategy-factory-provider.ts @@ -29,7 +29,58 @@ export class LocalPasswordStrategyFactoryProvider return (options, verifier) => this.getLocalStrategyVerifier(options, verifier); } - + getLocalStrategyVerifier1(verifyFn: VerifyFunction.LocalPasswordFn) { + return async ( + req: Request, + username: string, + password: string, + cb: (err: Error | null, user?: IAuthUser | false) => void, + ) => { + try { + const user = await verifyFn(username, password, req); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + cb(null, user); + } catch (err) { + cb(err); + } + }; + } + getLocalStrategyVerifier2(verifyFn: VerifyFunction.LocalPasswordFn) { + return async ( + username: string, + password: string, + cb: (err: Error | null, user?: IAuthUser | false) => void, + ) => { + try { + const user = await verifyFn(username, password); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + cb(null, user); + } catch (err) { + cb(err); + } + }; + } + getLocalStrategyVerifier3(verifyFn: VerifyFunction.LocalPasswordFn) { + return async ( + username: string, + password: string, + cb: (err: Error | null, user?: IAuthUser | false) => void, + ) => { + try { + const user = await verifyFn(username, password, undefined); + if (!user) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + cb(null, user); + } catch (err) { + cb(err); + } + }; + } getLocalStrategyVerifier( options?: | PassportLocal.IStrategyOptions @@ -37,71 +88,23 @@ export class LocalPasswordStrategyFactoryProvider verifierPassed?: VerifyFunction.LocalPasswordFn, ): PassportLocal.Strategy { const verifyFn = verifierPassed ?? this.verifierLocal; + if (options?.passReqToCallback) { return new PassportLocal.Strategy( options, // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - req: Request, - username: string, - password: string, - cb: (err: Error | null, user?: IAuthUser | false) => void, - ) => { - try { - const user = await verifyFn(username, password, req); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - cb(null, user); - } catch (err) { - cb(err); - } - }, + this.getLocalStrategyVerifier1(verifyFn), ); } else if (!!options && !isEmpty(options)) { return new PassportLocal.Strategy( options, // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - username: string, - password: string, - cb: (err: Error | null, user?: IAuthUser | false) => void, - ) => { - try { - const user = await verifyFn(username, password); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - cb(null, user); - } catch (err) { - cb(err); - } - }, + this.getLocalStrategyVerifier2(verifyFn), ); } else { return new PassportLocal.Strategy( // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - username: string, - password: string, - cb: (err: Error | null, user?: IAuthUser | false) => void, - ) => { - try { - const user = await verifyFn(username, password, undefined); - if (!user) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - cb(null, user); - } catch (err) { - cb(err); - } - }, + this.getLocalStrategyVerifier3(verifyFn), ); } } diff --git a/src/strategies/passport/passport-local/local-password-verify.provider.ts b/src/strategies/passport/passport-local/local-password-verify.provider.ts index 37ada1e..d02ad38 100644 --- a/src/strategies/passport/passport-local/local-password-verify.provider.ts +++ b/src/strategies/passport/passport-local/local-password-verify.provider.ts @@ -11,7 +11,9 @@ import {VerifyFunction} from '../../types'; export class LocalPasswordVerifyProvider implements Provider { - constructor() {} + constructor() { + //this is intentional + } value(): VerifyFunction.LocalPasswordFn { return async (username: string, password: string) => { diff --git a/src/strategies/passport/passport-otp/otp-auth.ts b/src/strategies/passport/passport-otp/otp-auth.ts index bf16465..2c07f9e 100644 --- a/src/strategies/passport/passport-otp/otp-auth.ts +++ b/src/strategies/passport/passport-otp/otp-auth.ts @@ -1,11 +1,12 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ import * as passport from 'passport'; +import {AnyObject} from '@loopback/repository'; export namespace Otp { export interface VerifyFunction { ( key: string, otp: string, + // eslint-disable-next-line @typescript-eslint/no-explicit-any done: (error: any, user?: any, info?: any) => void, ): void; } @@ -17,7 +18,9 @@ export namespace Otp { export type VerifyCallback = ( err?: string | Error | null, + // eslint-disable-next-line @typescript-eslint/no-explicit-any user?: any, + // eslint-disable-next-line @typescript-eslint/no-explicit-any info?: any, ) => void; @@ -33,7 +36,7 @@ export namespace Otp { name: string; private readonly verify: VerifyFunction; - authenticate(req: any, options?: StrategyOptions): void { + authenticate(req: AnyObject, options?: StrategyOptions): void { const key = req.body.key || options?.key; const otp = req.body.otp || options?.otp; @@ -42,7 +45,11 @@ export namespace Otp { return; } - const verified = (err?: any, user?: any, _info?: any) => { + const verified = ( + err?: AnyObject, + user?: AnyObject, + _info?: AnyObject, + ) => { if (err) { this.error(err); return; diff --git a/src/strategies/passport/passport-resource-owner-password/resource-owner-strategy-factory-provider.ts b/src/strategies/passport/passport-resource-owner-password/resource-owner-strategy-factory-provider.ts index eaeae1c..ccfc106 100644 --- a/src/strategies/passport/passport-resource-owner-password/resource-owner-strategy-factory-provider.ts +++ b/src/strategies/passport/passport-resource-owner-password/resource-owner-strategy-factory-provider.ts @@ -33,40 +33,39 @@ export class ResourceOwnerPasswordStrategyFactoryProvider verifierPassed?: VerifyFunction.ResourceOwnerPasswordFn, ): Oauth2ResourceOwnerPassword.Strategy { const verifyFn = verifierPassed ?? this.verifierResourceOwner; + const func = async ( + req: Request, + clientId: string, + clientSecret: string, + username: string, + password: string, + cb: ( + err: Error | null, + client?: IAuthClient | false, + user?: IAuthUser | false, + ) => void, + ) => { + try { + const userInfo = await verifyFn( + clientId, + clientSecret, + username, + password, + req, + ); + if (!userInfo || isEmpty(userInfo)) { + throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials); + } + cb(null, userInfo.client, userInfo.user); + } catch (err) { + cb(err); + } + }; if (options?.passReqToCallback) { return new Oauth2ResourceOwnerPassword.Strategy( options, // eslint-disable-next-line @typescript-eslint/no-misused-promises - async ( - req: Request, - clientId: string, - clientSecret: string, - username: string, - password: string, - cb: ( - err: Error | null, - client?: IAuthClient | false, - user?: IAuthUser | false, - ) => void, - ) => { - try { - const userInfo = await verifyFn( - clientId, - clientSecret, - username, - password, - req, - ); - if (!userInfo || isEmpty(userInfo)) { - throw new HttpErrors.Unauthorized( - AuthErrorKeys.InvalidCredentials, - ); - } - cb(null, userInfo.client, userInfo.user); - } catch (err) { - cb(err); - } - }, + func, ); } else { return new Oauth2ResourceOwnerPassword.Strategy( diff --git a/src/strategies/passport/passport-resource-owner-password/resource-owner-verify.provider.ts b/src/strategies/passport/passport-resource-owner-password/resource-owner-verify.provider.ts index 1fde624..5532120 100644 --- a/src/strategies/passport/passport-resource-owner-password/resource-owner-verify.provider.ts +++ b/src/strategies/passport/passport-resource-owner-password/resource-owner-verify.provider.ts @@ -12,7 +12,9 @@ import {VerifyFunction} from '../../types'; export class ResourceOwnerVerifyProvider implements Provider { - constructor() {} + constructor() { + //this is intentional + } value(): VerifyFunction.ResourceOwnerPasswordFn { return async (clientId, clientSecret, username, password) => { diff --git a/src/strategy-adapter.ts b/src/strategy-adapter.ts index 2356750..c1bfe5f 100644 --- a/src/strategy-adapter.ts +++ b/src/strategy-adapter.ts @@ -61,7 +61,7 @@ export class StrategyAdapter { strategy.redirect = (url: string) => { if (response) { - response.redirect(302, url); + response.redirect(302, url); //NOSONAR } resolve(); };