refactor(zeebe): use shared OAuth component (#46)

.vscode/settings.json

@@ -1,5 +1,5 @@
 {
-	"conventionalCommits.scopes": ["repo", "oauth", "tasklist"],
+	"conventionalCommits.scopes": ["repo", "oauth", "tasklist", "zeebe"],
 	"editor.formatOnSave": true,
 
 	"editor.defaultFormatter": "esbenp.prettier-vscode",

package.json

@@ -111,9 +111,10 @@
 		"isomorphic-fetch": "^3.0.0",
 		"long": "^4.0.0",
 		"neon-env": "^0.1.1",
+		"node-fetch": "^2.7.0",
 		"promise-retry": "^1.1.1",
 		"stack-trace": "0.0.10",
 		"typed-duration": "^1.0.12",
 		"uuid": "^7.0.3"
 	}
-}
+}

src/console/__test__/console.integration.spec.ts

@@ -18,6 +18,10 @@ test('createClient', async () => {
 	const c = new ConsoleApiClient()
 	const clusters = await c.getClusters()
 	const clusterUuid = clusters[0].uuid
+	c.getClient(clusterUuid, 'testors')
+		.then((res) => c.deleteClient(clusterUuid, res.ZEEBE_CLIENT_ID))
+		.catch((e) => e)
+
 	const res = await c.createClient({
 		clusterUuid,
 		clientName: 'testors',

src/oauth/__test__/OAuthImpl.spec.ts

@@ -20,6 +20,12 @@ beforeAll(() => {
 	})
 })
 
+beforeEach(() => {
+	ENV_VARS_TO_STORE.forEach((e) => {
+		delete process.env[e]
+	})
+})
+
 afterAll(() => {
 	ENV_VARS_TO_STORE.forEach((e) => {
 		delete process.env[e]
@@ -261,3 +267,155 @@ test('Can get scope from environment', () => {
 		return server.close()
 	})
 })
+
+test('Creates the token cache dir if it does not exist', () => {
+	const tokenCache = path.join(__dirname, '.token-cache')
+	if (fs.existsSync(tokenCache)) {
+		fs.rmdirSync(tokenCache)
+	}
+	expect(fs.existsSync(tokenCache)).toBe(false)
+
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		cacheDir: tokenCache,
+		cacheOnDisk: true,
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'url',
+		userAgentString: 'test',
+	})
+	expect(o).toBeTruthy()
+	expect(fs.existsSync(tokenCache)).toBe(true)
+	if (fs.existsSync(tokenCache)) {
+		fs.rmdirSync(tokenCache)
+	}
+	expect(fs.existsSync(tokenCache)).toBe(false)
+})
+
+test('Gets the token cache dir from the environment', () => {
+	const tokenCache = path.join(__dirname, '.token-cache')
+	if (fs.existsSync(tokenCache)) {
+		fs.rmdirSync(tokenCache)
+	}
+	expect(fs.existsSync(tokenCache)).toBe(false)
+	process.env.CAMUNDA_TOKEN_CACHE_DIR = tokenCache
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		cacheOnDisk: true,
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'url',
+		userAgentString: 'test',
+	})
+	expect(o).toBeTruthy()
+	expect(fs.existsSync(tokenCache)).toBe(true)
+	if (fs.existsSync(tokenCache)) {
+		fs.rmdirSync(tokenCache)
+	}
+	expect(fs.existsSync(tokenCache)).toBe(false)
+})
+
+test('Uses an explicit token cache over the environment', () => {
+	const tokenCache1 = path.join(__dirname, '.token-cache1')
+	const tokenCache2 = path.join(__dirname, '.token-cache2')
+	;[tokenCache1, tokenCache2].forEach((tokenCache) => {
+		if (fs.existsSync(tokenCache)) {
+			fs.rmdirSync(tokenCache)
+		}
+		expect(fs.existsSync(tokenCache)).toBe(false)
+	})
+	process.env.CAMUNDA_TOKEN_CACHE_DIR = tokenCache1
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		cacheDir: tokenCache2,
+		cacheOnDisk: true,
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'url',
+		userAgentString: 'test',
+	})
+	expect(o).toBeTruthy()
+	expect(fs.existsSync(tokenCache2)).toBe(true)
+	expect(fs.existsSync(tokenCache1)).toBe(false)
+	;[tokenCache1, tokenCache2].forEach((tokenCache) => {
+		if (fs.existsSync(tokenCache)) {
+			fs.rmdirSync(tokenCache)
+		}
+		expect(fs.existsSync(tokenCache)).toBe(false)
+	})
+})
+
+test('Throws in the constructor if the token cache is not writable', () => {
+	const tokenCache = path.join(__dirname, '.token-cache')
+	if (fs.existsSync(tokenCache)) {
+		fs.rmdirSync(tokenCache)
+	}
+	expect(fs.existsSync(tokenCache)).toBe(false)
+	fs.mkdirSync(tokenCache, 0o400)
+	expect(fs.existsSync(tokenCache)).toBe(true)
+	let thrown = false
+	try {
+		const o = new OAuthProviderImpl({
+			audience: 'token',
+			cacheDir: tokenCache,
+			cacheOnDisk: true,
+			clientId: 'clientId',
+			// file deepcode ignore HardcodedNonCryptoSecret/test: <please specify a reason of ignoring this>
+			clientSecret: 'clientSecret',
+			authServerUrl: 'url',
+			userAgentString: 'test',
+		})
+		expect(o).toBeTruthy()
+	} catch {
+		thrown = true
+	}
+	expect(thrown).toBe(true)
+	if (fs.existsSync(tokenCache)) {
+		fs.rmdirSync(tokenCache)
+	}
+	expect(fs.existsSync(tokenCache)).toBe(false)
+})
+
+test('Can set a custom user agent', () => {
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		cacheOnDisk: true,
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'url',
+		userAgentString: 'modeler',
+	})
+	expect(o.userAgentString.includes(' modeler')).toBe(true)
+})
+
+test('Uses form encoding for request', (done) => {
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		cacheOnDisk: false,
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'http://127.0.0.1:3001',
+		userAgentString: 'modeler',
+	})
+	const server = http
+		.createServer((req, res) => {
+			if (req.method === 'POST') {
+				let body = ''
+				req.on('data', (chunk) => {
+					body += chunk
+				})
+
+				req.on('end', () => {
+					res.writeHead(200, { 'Content-Type': 'application/json' })
+					res.end('{"token": "something"}')
+					server.close()
+					expect(body).toEqual(
+						'audience=token&client_id=clientId&client_secret=clientSecret&grant_type=client_credentials'
+					)
+					done()
+				})
+			}
+		})
+		.listen(3001)
+	o.getToken('ZEEBE')
+})

src/oauth/index.ts

@@ -20,7 +20,10 @@ export interface OAuthProviderConfig {
 	scope?: string
 	clientId: string
 	clientSecret: string
-	userAgentString: string
+	userAgentString?: string
+	customRootCert?: Buffer
+	cacheOnDisk?: boolean
+	cacheDir?: string
 }
 
 export { OAuthProvider } from './lib/OAuthProvider'