Remove deprecated @okta/configuration-validation and integrate essential functions #439

Merged
merged 2 commits into from
Dec 16, 2024

@vero1024 vero1024 commented Dec 12, 2024

This PR removes the deprecated @okta/configuration-validation package and integrates the essential functions directly into index.js.

Additionally, this change resolves a security vulnerability in the jsonpath-plus package.

Resolves: #432

Comment on lines +56 to +109
class ConfigurationValidationError extends Error {}
const findDomainURL = 'https://bit.ly/finding-okta-domain';
const findAppCredentialsURL = 'https://bit.ly/finding-okta-app-credentials';
const copyCredentialsMessage = 'You can copy it from the Okta Developer Console ' +
'in the details for the Application you created. ' +
`Follow these instructions to find it: ${findAppCredentialsURL}`;

const isHttps = new RegExp('^https://');
const hasDomainAdmin = /-admin.(okta|oktapreview|okta-emea).com/;

function assertIssuer(issuer, testing = {}){
const copyMessage = 'You can copy your domain from the Okta Developer ' +
'Console. Follow these instructions to find it: ' + findDomainURL;

if (testing.disableHttpsCheck) {
const httpsWarning = 'Warning: HTTPS check is disabled. ' +
'This allows for insecure configurations and is NOT recommended for production use.';
/* eslint-disable-next-line no-console */
console.warn(httpsWarning);
}

if (!issuer) {
throw new ConfigurationValidationError('Your Okta URL is missing. ' + copyMessage);
} else if (!testing.disableHttpsCheck && !issuer.match(isHttps)) {
throw new ConfigurationValidationError(
'Your Okta URL must start with https. ' +
`Current value: ${issuer}. ${copyMessage}`
);
} else if (issuer.match(/{yourOktaDomain}/)) {
throw new ConfigurationValidationError('Replace {yourOktaDomain} with your Okta domain. ' + copyMessage);
} else if (issuer.match(hasDomainAdmin)) {
throw new ConfigurationValidationError(
'Your Okta domain should not contain -admin. ' +
`Current value: ${issuer}. ${copyMessage}`
);
}
}

function assertClientId(clientId){
if (!clientId) {
throw new ConfigurationValidationError('Your client ID is missing. ' + copyCredentialsMessage);
} else if (clientId.match(/{clientId}/)) {
throw new ConfigurationValidationError('Replace {clientId} with the client ID of your Application. ' + copyCredentialsMessage);
}
}

function assertRedirectUri(redirectUri){
if (!redirectUri) {
throw new ConfigurationValidationError('Your redirect URI is missing.');
} else if (redirectUri.match(/{redirectUri}/)) {
throw new ConfigurationValidationError('Replace {redirectUri} with the redirect URI of your Application.');
}
}
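
Review bot: In `hasDomainAdmin`, the dots in `/-admin.(okta|oktapreview|okta-emea).com/` are unescaped, so each one matches any character and the pattern is looser than the "-admin" error message implies; escape them as `/-admin\.(okta|oktapreview|okta-emea)\.com/`. In `assertIssuer`, `assertClientId` and `assertRedirectUri`, `.match()` is called directly on the argument, so a truthy non-string value (a number or object from a config file, for instance) raises a TypeError instead of a `ConfigurationValidationError`; a `typeof value !== 'string'` check ahead of the pattern tests would keep the error type consistent for callers that catch it. The `isHttps` test only checks the `^https://` prefix, so the issuer is never validated as a well-formed URL; parsing it with `new URL(issuer)` and comparing `protocol` to `'https:'` would be stricter. Since this code now lives in `index.js` rather than in a shared package, the `testing.disableHttpsCheck` branch deserves a doc comment stating that it is for test setups only.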

Contributor Author


Copy and convert JavaScript-based configuration-validation

@vero1024

@rajdeepnanua-okta
Please check this PR and #432

@rajdeepnanua-okta

Thanks for your contribution @vero1024! I'm working on some CI fixes to merge this change and I will release a new version with this branch asap (hopefully today)

@rajdeepnanua-okta rajdeepnanua-okta changed the base branch from master to remove_jsonpath_plus December 16, 2024 20:39
@rajdeepnanua-okta rajdeepnanua-okta merged commit 7cea49c into okta:remove_jsonpath_plus Dec 16, 2024
1 of 2 checks passed
Successfully merging this pull request may close these issues.

CVE in jsonpath-plus included through transitive dependencies
2 participants