From 2879946d9837f7a5180bc86e2dd5debdb0f30a6b Mon Sep 17 00:00:00 2001
From: Andrej Kincel
Date: Wed, 25 Oct 2023 13:41:54 +0200
Subject: [PATCH] Release 5.3.1

Fix priority order for authorizers to prioritize canonicalId over sub
---
 CHANGELOG.md                  | 19 +++++++++++++++++++
 package.json                  |  2 +-
 src/openApi/openApiWrapper.ts |  4 ++--
 tests/openApi/openApi.test.ts | 20 ++++++++++++++++++++
 4 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b33e499..2de5084 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+## [5.3.1] - 2023-10-25
+
+### Fixed
+
+The `getUserToken()` and `getUserPrincipal()` order was wrongly set in version `5.3.0`. The new fixed
+priority order:
+
+`getUserToken()`
+
+1. `request.authorizerContext.jwt`
+2. `request.authorizerContext.accessToken` (new)
+3. `request.headers.Authorization`
+
+`getUserPrincipal()`
+
+1. `authorizerContext.canonicalId` (**prefer canonicalId**)
+2. `authorizerContext.principalId` (new)
+3. `request.headers.Authorization`
+
 ## [5.3.0] - 2023-09-07
 ### Changed
diff --git a/package.json b/package.json
index 0b9050c..df96ef4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "lambda-essentials-ts",
-  "version": "5.3.0",
+  "version": "5.3.1",
   "description": "A selection of the finest modules supporting authorization, API routing, error handling, logging and sending HTTP requests.",
   "main": "lib/index.js",
   "private": false,
diff --git a/src/openApi/openApiWrapper.ts b/src/openApi/openApiWrapper.ts
index 951d722..03a2a01 100644
--- a/src/openApi/openApiWrapper.ts
+++ b/src/openApi/openApiWrapper.ts
@@ -171,8 +171,8 @@ export default class OpenApiWrapper {
   } {
     if (authorizerContext) {
       return {
-        userPrincipal: authorizerContext.principalId ?? authorizerContext.canonicalId,
-        userToken: authorizerContext.accessToken ?? authorizerContext.jwt,
+        userPrincipal: authorizerContext.canonicalId ?? authorizerContext.principalId,
+        userToken: authorizerContext.jwt ?? authorizerContext.accessToken,
       };
     }
diff --git a/tests/openApi/openApi.test.ts b/tests/openApi/openApi.test.ts
index 7061c94..5a3c00a 100644
--- a/tests/openApi/openApi.test.ts
+++ b/tests/openApi/openApi.test.ts
@@ -52,6 +52,18 @@ describe('Open API Wrapper', () => {
       requestId: 'tests-request-id',
     },
   };
+  const requestWithOldAndNewStyleAuthorizer: ApiRequest = {
+    ...request,
+    requestContext: {
+      authorizer: {
+        canonicalId,
+        principalId,
+        jwt,
+        accessToken,
+      },
+      requestId: 'tests-request-id',
+    },
+  };
   const testJwt = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaHR0cHM6Ly9jbGFpbXMuY2ltcHJlc3MuaW8vY2Fub25pY2FsX2lkIjoiam9obkBkb2Uub3JnIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.XNjjaJDz4g8AecLBIDZY6aDwANCNMKg2NrcNxaJ-0JaqoGm0fBGPCZfbtGuf4-8DVqnwmrWslt7tMEj8QIU_TL1cWsX83ZGggM4crGva8tLw54Vhg5BrNWCOBiMphxGzU-5DbXPWvtnWatJgDdBuRSegZK5slpa8DnmXiMNkXxZhyulTbZYkArE2e16NFZhVANWmR3A4K_0ETF-s3uARvua9rPOxkaaxHPIkoZ58CsuD1p6pqi8KDthiW0OCry6o2uPIG-MfyP0gKDPD88XtVD5pcr6WWhNv37ZnucG75wuxE8c6eMj_pPCrt_eoM8ygUc9GY7XoLmZZAvI-szlivw';
   const requestWithAuthorizationHeader: ApiRequest = {
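Review bot: The new `??` chains on the `userPrincipal` and `userToken` lines fall through only on `null`/`undefined`, so an authorizer that emits `canonicalId: ''` or `jwt: ''` still wins over a populated `principalId`/`accessToken`, and the wrapper then reports an empty principal or token to the caller. Since the new test fixture shows both field pairs can coexist, the intended precedence deserves a comment on the `return {` line, e.g. `// canonicalId/jwt are preferred; principalId/accessToken are the legacy fallbacks (see CHANGELOG 5.3.1)`, together with a decision on whether empty strings should count as absent. The enclosing method starts and ends outside the hunk, so I cannot see how `authorizerContext` is typed or whether empty values are rejected upstream.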
@@ -105,6 +117,14 @@ describe('Open API Wrapper', () => {
     expect(openApi.getUserPrincipal()).toEqual(canonicalId);
   });
+  test('sets userToken and userPrincipal from old-style Authorizer with priority', async () => {
+    const openApi = new OpenApiWrapper(new LoggerMock());
+    await openApi.api.requestMiddleware(requestWithOldAndNewStyleAuthorizer);
+
+    expect(openApi.getUserToken()).toEqual(jwt);
+    expect(openApi.getUserPrincipal()).toEqual(canonicalId);
+  });
+
   test('sets userToken and userPrincipal from Authorization header', async () => {
     const openApi = new OpenApiWrapper(new LoggerMock());
     await openApi.api.requestMiddleware(requestWithAuthorizationHeader);
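Review bot: The new test pins only the case where all four authorizer fields are present, so the fallback side of the reorder — `principalId` used when `canonicalId` is absent, `accessToken` when `jwt` is absent — is not asserted here; unless a test above the hunk already covers it, a second case built from `request` with only `principalId` and `accessToken` set would lock that in. The test name `'sets userToken and userPrincipal from old-style Authorizer with priority'` also understates the fixture it uses, `requestWithOldAndNewStyleAuthorizer`; something like `'prefers canonicalId and jwt when old- and new-style authorizer fields are both present'` reads closer to what is checked. The enclosing `describe` block starts and ends outside the hunk.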