fix: throw proper error when missing email

closes #26404

Signed-off-by: Heikki Hellgren <heikki.hellgren@op.fi>
Heikki Hellgren
2024-09-02 09:49:37 +03:00
parent ad0c7bb26b
commit 8d1fb8d257
3 changed files with 39 additions and 2 deletions
+5
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend-module-aws-alb-provider': patch
---
Throw correct error when email is missing from the claims
@@ -146,6 +146,34 @@ describe('AwsAlbProvider', () => {
);
});
it('Email is missing', async () => {
const jwt = await new SignJWT({ ...mockClaims, email: undefined })
.setProtectedHeader({ alg: 'HS256', signer: 'SIGNER_ARN' })
.sign(signingKey);
const req = {
header: jest.fn(name => {
if (name === ALB_JWT_HEADER) {
return jwt;
} else if (name === ALB_ACCESS_TOKEN_HEADER) {
return mockAccessToken;
}
return undefined;
}),
} as unknown as express.Request;
await expect(
awsAlbAuthenticator.authenticate(
{ req },
{
issuer: 'ISSUER_URL',
signer: undefined,
getKey: jest.fn().mockResolvedValue(signingKey),
},
),
).rejects.toThrow(
'Exception occurred during JWT processing: AuthenticationError: Missing email in the JWT token',
);
});
it('issuer is missing', async () => {
const jwt = await new SignJWT({})
.setProtectedHeader({ alg: 'HS256' })
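Review bot: The 'Email is missing' case pins only the omitted claim, since `email: undefined` is dropped when the payload is serialized. An empty-string email takes the same rejection branch but is not covered, so a later change to the guard could start accepting it unnoticed. I would add a sibling case that signs `{ ...mockClaims, email: '' }` and expects the same `Missing email in the JWT token` rejection. The following `it('issuer is missing'` block continues outside this hunk.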
@@ -15,11 +15,11 @@
*/
import { AuthenticationError } from '@backstage/errors';
import { AwsAlbClaims, AwsAlbResult, AwsAlbProtectedHeader } from './types';
import { AwsAlbClaims, AwsAlbProtectedHeader, AwsAlbResult } from './types';
import { jwtVerify } from 'jose';
import {
PassportProfile,
createProxyAuthenticator,
PassportProfile,
} from '@backstage/plugin-auth-node';
import NodeCache from 'node-cache';
import { makeProfileInfo, provisionKeyCache } from './helpers';
@@ -69,6 +69,10 @@ export const awsAlbAuthenticator = createProxyAuthenticator({
throw new AuthenticationError('Signer mismatch on JWT token');
}
if (!claims.email) {
throw new AuthenticationError(`Missing email in the JWT token`);
}
const fullProfile: PassportProfile = {
provider: 'unknown',
id: claims.sub,
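Review bot: The guard `if (!claims.email)` is a truthiness test, so it rejects an absent or empty claim but lets a whitespace-only or non-string value through to the profile built right after it. If the email is later used to resolve the user's identity (not visible in this hunk), a stricter check is worth having: `if (typeof claims.email !== 'string' || claims.email.trim() === '')`. The message has no interpolation, so a plain `'Missing email in the JWT token'` would match the quoted string in the signer check above it. `claims.sub` becomes the profile `id` a few lines below without a comparable check in the visible lines; the enclosing function starts and ends outside the hunk, so that may already be handled elsewhere.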