From 908153bddee09d5608c6ed31dfded60abfd40cc1 Mon Sep 17 00:00:00 2001 From: Bo Motlagh Date: Tue, 28 May 2024 15:17:32 -0400 Subject: [PATCH 1/4] testing new CICD --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ea3e69e..5eaf9d4 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "ue-auth", "altName": "UE-Auth", - "version": "1.43.6", + "version": "1.43.7", "description": "UE Auth is a multi-tenant OIDC Provider, User Management, B2B Product Access, and Roles/Permissions Management system intended to create a single hybrid solution to serve as Identity and Access for both self-registered B2C Apps and Enterprise B2B Solutions", "private": false, "license": "SEE LICENSE IN ./LICENSE.md", From 5e0f926d34fbc9dd1112ddbc8ec492d66f4d4861 Mon Sep 17 00:00:00 2001 From: Bo Motlagh Date: Fri, 20 Sep 2024 13:19:14 -0400 Subject: [PATCH 2/4] cleaned up config code to better handle truthy strings from env variables --- .env_ci/env.dev.json | 2 +- .env_ci/env.production.json | 2 +- .env_ci/env.test.json | 2 +- package.json | 4 ++-- src/api/authGroup/api.js | 2 +- src/config.js | 18 +++++++++--------- tsconfig.json | 3 ++- 7 files changed, 17 insertions(+), 16 deletions(-) diff --git a/.env_ci/env.dev.json b/.env_ci/env.dev.json index 6c1881d..656257f 100644 --- a/.env_ci/env.dev.json +++ b/.env_ci/env.dev.json @@ -17,7 +17,7 @@ "ONE_TIME_PERSONAL_ROOT_CREATION_KEY": "YOUR_SECRET_FOR_SETUP", "FULL_SUPER_CONTROL": true, "ROOT_COMPANY_NAME": "United Effects", - "OPEN_GROUP_REG": true, + "OPEN_GROUP_REG": false, "INIT_ROOT_PRIMARY_DOMAIN": "", "INIT_ROOT_PRIMARY_TOS": "", "INIT_ROOT_PRIMARY_POLICY": "", diff --git a/.env_ci/env.production.json b/.env_ci/env.production.json index 6c4b705..a8e0a65 100644 --- a/.env_ci/env.production.json +++ b/.env_ci/env.production.json 
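Review bot: `OPEN_GROUP_REG` flips from `true` to `false` in this `env.dev.json` hunk and in the `env.production.json` and `env.test.json` hunks that follow, which is a behaviour change rather than config cleanup. Going by the comment in src/config.js ("anyone can sign up for an AuthGroup. Otherwise only Root users can"), a deployment that relies on the file default stops accepting open AuthGroup sign-up after this commit. Closed-by-default is the safer posture, but the commit subject does not mention it, so it should be stated in the release notes or next to the setting's documentation. Any test that depends on open registration presumably has to set the flag explicitly now; that is not visible in this diff.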
@@ -17,7 +17,7 @@ "ONE_TIME_PERSONAL_ROOT_CREATION_KEY": null, "FULL_SUPER_CONTROL": false, "ROOT_COMPANY_NAME": "United Effects", - "OPEN_GROUP_REG": true, + "OPEN_GROUP_REG": false, "INIT_ROOT_PRIMARY_DOMAIN": "", "INIT_ROOT_PRIMARY_TOS": "", "INIT_ROOT_PRIMARY_POLICY": "", diff --git a/.env_ci/env.test.json b/.env_ci/env.test.json index dd2d047..f1fc3f3 100644 --- a/.env_ci/env.test.json +++ b/.env_ci/env.test.json @@ -17,7 +17,7 @@ "ONE_TIME_PERSONAL_ROOT_CREATION_KEY": "", "FULL_SUPER_CONTROL": true, "ROOT_COMPANY_NAME": "United Effects", - "OPEN_GROUP_REG": true, + "OPEN_GROUP_REG": false, "INIT_ROOT_PRIMARY_DOMAIN": "", "INIT_ROOT_PRIMARY_TOS": "", "INIT_ROOT_PRIMARY_POLICY": "", diff --git a/package.json b/package.json index 5eaf9d4..9918058 100644 --- a/package.json +++ b/package.json @@ -1,14 +1,14 @@ { "name": "ue-auth", "altName": "UE-Auth", - "version": "1.43.7", + "version": "1.43.8", "description": "UE Auth is a multi-tenant OIDC Provider, User Management, B2B Product Access, and Roles/Permissions Management system intended to create a single hybrid solution to serve as Identity and Access for both self-registered B2C Apps and Enterprise B2B Solutions", "private": false, "license": "SEE LICENSE IN ./LICENSE.md", "scripts": { "test-notifications": "nodemon ./test/tools/testserver.js", "start": "node ./dist/start.js", - "dev": "NODE_ENV=dev nodemon ./src/start.ts", + "dev": "NODE_ENV=dev nodemon", "swag-type": "ts-node openApiTypeGenerator.ts", "build": "yarn && tsc", "package": "yarn test && sls package", diff --git a/src/api/authGroup/api.js b/src/api/authGroup/api.js index 5093e5b..ad3e017 100644 --- a/src/api/authGroup/api.js +++ b/src/api/authGroup/api.js @@ -10,7 +10,6 @@ import initAccess from '../../initUEAuth'; import permissions from '../../permissions'; const config = require('../../config'); - const RESOURCE = 'Auth Group'; const api = { 
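Review bot: The `dev` script in the package.json hunk loses its entry point (`nodemon ./src/start.ts` becomes bare `nodemon`), so nodemon has to find the script in a `nodemon.json`, a `nodemonConfig` key or the package's `main` field, and none of those appears in this commit's diffstat. If that configuration is not already in the repository, the dev command will presumably fail to start the server. Either confirm the configuration exists or keep the explicit path, `"dev": "NODE_ENV=dev nodemon ./src/start.ts"`.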
@@ -305,6 +304,7 @@ const api = {
 },
 async getPublicGroupInfo(req, res, next) {
 try {
+ console.info('BO DELETE', config.OPEN_GROUP_REG, typeof config.OPEN_GROUP_REG);
 const ag = req.params.group;
 const result = await group.getPublicOne(ag);
 if(!result) throw Boom.notFound(ag);
diff --git a/src/config.js b/src/config.js
index 4258fe0..c364f73 100644
--- a/src/config.js
+++ b/src/config.js
@@ -26,11 +26,11 @@ const config = {
 // Reference to where users should be linked when they need to complete a registration (optional)
 ROOT_GROUP_REGISTRATION_UI_URL: process.env.ROOT_GROUP_REGISTRATION_UI_URL || envVars.ROOT_GROUP_REGISTRATION_UI_URL || undefined,
 // This service can persist http errors in mongo logs. Not recommended for production
- PERSIST_HTTP_ERRORS: (process.env.PERSIST_HTTP_ERRORS === 'true') || envVars.PERSIST_HTTP_ERRORS || false,
+ PERSIST_HTTP_ERRORS: process.env.PERSIST_HTTP_ERRORS === 'true' ? true : process.env.PERSIST_HTTP_ERRORS === 'false' ? false : envVars.PERSIST_HTTP_ERRORS ?? false,
 // This service can persist unexpected error logs to mongo. Not recommended for production
- WRITE_LOGS_TO_DB: (process.env.WRITE_LOGS_TO_DB === 'true') || envVars.WRITE_LOGS_TO_DB || false,
+ WRITE_LOGS_TO_DB: process.env.WRITE_LOGS_TO_DB === 'true' ? true : process.env.WRITE_LOGS_TO_DB === 'false' ? false : envVars.WRITE_LOGS_TO_DB ?? false,
 // When set to true, this ensures that any Initial Access Token being used is deleted after the first attempt, even if attempt fails
- SINGLE_USE_IAT: (process.env.SINGLE_USE_IAT === 'true') || envVars.SINGLE_USE_IAT || false,
+ SINGLE_USE_IAT: process.env.SINGLE_USE_IAT === 'true' ? true : process.env.SINGLE_USE_IAT === 'false' ? false : envVars.SINGLE_USE_IAT ?? false,
 // When registering a new AuthGroup, there is an expiration window to activate that AuthGroup
 GROUP_SECURE_EXPIRES: parseInt(process.env.GROUP_SECURE_EXPIRES) || envVars.GROUP_SECURE_EXPIRES || 86400 * 31,
 // OIDC uses cookies to manage local sessions for users. COOKIE_KEYS provides the encryption keys
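Review bot: Each rewritten flag in this hunk (`PERSIST_HTTP_ERRORS`, `WRITE_LOGS_TO_DB`, `SINGLE_USE_IAT`) accepts only the exact strings `'true'` and `'false'` from the environment, so a value such as `False`, `0` or `no` is silently ignored and the env-file value is used instead. The same ternary is repeated in the hunks at -45, -78 and -113, where it decides `ALLOW_ROOT_CREATION`, `FULL_SUPER_CONTROL` and `OPEN_GROUP_REG`; for those flags an operator who believes a feature was switched off can end up with it on. The `envVars.X ?? false` fallback also passes a non-boolean file value straight through, so a string `"false"` in the JSON would be truthy to any `if (config.X)` consumer. A single helper that normalises case, rejects unrecognised values at startup and type-checks the file value would remove the duplication and fail closed. The `config` object starts and ends outside these hunks, so placing the helper above it is an assumption.

```javascript
// Reads a boolean flag: a recognised environment value wins, then the env file, then the default.
function envBool(name, fallback = false) {
    const raw = process.env[name];
    if (raw !== undefined && raw.trim() !== '') {
        const value = raw.trim().toLowerCase();
        if (value === 'true') return true;
        if (value === 'false') return false;
        // Fail closed: an unrecognised value must not silently fall back to the file.
        throw new Error(`${name} must be "true" or "false"`);
    }
    return typeof envVars[name] === 'boolean' ? envVars[name] : fallback;
}

// … unchanged: config keys above …
    PERSIST_HTTP_ERRORS: envBool('PERSIST_HTTP_ERRORS'),
    WRITE_LOGS_TO_DB: envBool('WRITE_LOGS_TO_DB'),
    SINGLE_USE_IAT: envBool('SINGLE_USE_IAT'),
// … unchanged: GROUP_SECURE_EXPIRES and the rest of config …
```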
@@ -45,15 +45,15 @@ const config = {
 }
 },
 // When true and when Root does not yet exist, a user can request to initialize UE Auth with a Root AuthGroup
- ALLOW_ROOT_CREATION: (process.env.ALLOW_ROOT_CREATION === 'true') || envVars.ALLOW_ROOT_CREATION || false,
+ ALLOW_ROOT_CREATION: process.env.ALLOW_ROOT_CREATION === 'true' ? true : process.env.ALLOW_ROOT_CREATION === 'false' ? false : envVars.ALLOW_ROOT_CREATION ?? false,
 // As a backup to the database limit of only one Root AuthGroup, creation of the Root AuthGroup requires a creation key. It is recommended that this be set to null, empty string, or undefined unless you are actively creating a Root AuthGroup
 ONE_TIME_PERSONAL_ROOT_CREATION_KEY: process.env.ONE_TIME_PERSONAL_ROOT_CREATION_KEY || envVars.ONE_TIME_PERSONAL_ROOT_CREATION_KEY || null,
 // The email address to be used when creating the Root AuthGroup. A user Account will be generated with this email address.
 ROOT_EMAIL: process.env.ROOT_EMAIL || envVars.ROOT_EMAIL || null,
 // The Root AuthGroup has super admin across all accounts, organizations and domains. When set to false, that control is limited to read across all rather than the ability to update data on some sensative objects.
- FULL_SUPER_CONTROL: (process.env.FULL_SUPER_CONTROL === 'true') || envVars.FULL_SUPER_CONTROL || false,
+ FULL_SUPER_CONTROL: process.env.FULL_SUPER_CONTROL === 'true' ? true : process.env.FULL_SUPER_CONTROL === 'false' ? false : envVars.FULL_SUPER_CONTROL ?? false,
 // When OPEN_GROUP_REG is true, anyone can sign up for an AuthGroup. Otherwise only Root users can
- OPEN_GROUP_REG: (process.env.OPEN_GROUP_REG === 'true') || envVars.OPEN_GROUP_REG || false,
+ OPEN_GROUP_REG: process.env.OPEN_GROUP_REG === 'true' ? true : process.env.OPEN_GROUP_REG === 'false' ? false : envVars.OPEN_GROUP_REG ?? false,
 // Company name for the Root AuthGroup
 ROOT_COMPANY_NAME: process.env.ROOT_COMPANY_NAME || envVars.ROOT_COMPANY_NAME || 'United Effects',
 // Company URL for the Root AuthGroup
@@ -78,7 +78,7 @@ const config = {
 // UE Auth assumes you will provide an audience to access its API
 UI_CORE_AUDIENCE_ORIGIN: process.env.UI_CORE_AUDIENCE_ORIGIN || envVars.UI_CORE_AUDIENCE_ORIGIN || 'http://localhost:3000',
 // UI_PKCE_REQUIRED tells UE Auth whether to set “token_endpoint_auth_method” to "none" or not for AuthGroup Client creation: true=none
- UI_PKCE_REQUIRED: (process.env.UI_PKCE_REQUIRED === 'true') || envVars.UI_PKCE_REQUIRED || false,
+ UI_PKCE_REQUIRED: process.env.UI_PKCE_REQUIRED === 'true' ? true : process.env.UI_PKCE_REQUIRED === 'false' ? false : envVars.UI_PKCE_REQUIRED ?? false,
 // Any globally available (across AuthGroups) scopes beyond what is hardcoded or defined per AuthGroup can be set here
 CORE_SCOPES () {
 try {
@@ -113,11 +113,11 @@ const config = {
 // Any member of an AuthGroup must have certain basic permissions to manage their account. This defines those permissions
 MEMBER_PERMISSIONS: ['member:::accounts::update:own', 'member:::accounts::read:own', 'member:::accounts::delete:own', 'member:::useraccess::delete:own', 'member:::useraccess::read:own','member:::operations-reset-user-password::create', 'member:::operations-user::create:own', 'member:::operations-invite::create:own', 'member:::accounts-notification::read:own'],
 // The Event Emitter writes out a lot of information with regards to the objects of the system. Some of that information could contain sensative information such as passwords or secrets. When this setting is true, sensitive data is sanitized before display.
- EVENT_EMITTER_CLEAN_SENSITIVE: (process.env.EVENT_EMITTER_CLEAN_SENSITIVE === 'true') || envVars.EVENT_EMITTER_CLEAN_SENSITIVE || false,
+ EVENT_EMITTER_CLEAN_SENSITIVE: process.env.EVENT_EMITTER_CLEAN_SENSITIVE === 'true' ? true : process.env.EVENT_EMITTER_CLEAN_SENSITIVE === 'false' ? false : envVars.EVENT_EMITTER_CLEAN_SENSITIVE ?? false,
 // You can set the custom domain header you want to use to track incoming upstream request domains
 CUSTOM_DOMAIN_PROXY_HEADER: process.env.CUSTOM_DOMAIN_PROXY_HEADER || envVars.CUSTOM_DOMAIN_PROXY_HEADER || 'x-host',
 DISABLE_STREAMS: envVars.DISABLE_STREAMS || false,
- INIT_AG_WITH_STREAMS: (process.env.INIT_AG_WITH_STREAMS === 'true') || envVars.INIT_AG_WITH_STREAMS || true,
+ INIT_AG_WITH_STREAMS: process.env.INIT_AG_WITH_STREAMS === 'true' ? true : process.env.INIT_AG_WITH_STREAMS === 'false' ? false : envVars.INIT_AG_WITH_STREAMS ?? false,
 // This is a default/backup of the event emitter options generally defined per AuthGroup.
 EVENT_EMITTER: (envVars && envVars.DISABLE_STREAMS === true) ? {} :{
 general: true,
diff --git a/tsconfig.json b/tsconfig.json
index 22f2377..2003dd7 100644
--- a/tsconfig.json
+++ b/tsconfig.json
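Review bot: `INIT_AG_WITH_STREAMS` changes its default in the config.js hunk at -113: the old expression ended in `|| true` and was therefore always truthy, while the new one ends in `?? false`, so with neither the environment variable nor the env-file key set the flag is now false. If the intent was only to make `'false'` from the environment take effect, keep the previous default with `envVars.INIT_AG_WITH_STREAMS ?? true`; if the flip is intended, it should be stated in the commit description. `DISABLE_STREAMS` on the line above still reads only `envVars` and cannot be set from the environment, which deserves a comment such as `// file-only: not overridable via process.env` if that is deliberate.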
@@ -1,7 +1,8 @@ { "include": ["src"], "ts-node": { - "esm": false + "esm": false, + "files": true }, "compilerOptions": { /* Visit https://aka.ms/tsconfig to read more about this file */ From c3c349e3823244774f7fbdf9d320bc14da7c9c2f Mon Sep 17 00:00:00 2001 From: Bo Motlagh Date: Fri, 20 Sep 2024 13:21:40 -0400 Subject: [PATCH 3/4] cleanup --- package.json | 2 +- src/api/authGroup/api.js | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/package.json b/package.json index 9918058..6c1d659 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "ue-auth", "altName": "UE-Auth", - "version": "1.43.8", + "version": "1.43.9", "description": "UE Auth is a multi-tenant OIDC Provider, User Management, B2B Product Access, and Roles/Permissions Management system intended to create a single hybrid solution to serve as Identity and Access for both self-registered B2C Apps and Enterprise B2B Solutions", "private": false, "license": "SEE LICENSE IN ./LICENSE.md", diff --git a/src/api/authGroup/api.js b/src/api/authGroup/api.js index ad3e017..d8a936e 100644 --- a/src/api/authGroup/api.js +++ b/src/api/authGroup/api.js @@ -304,7 +304,6 @@ const api = { }, async getPublicGroupInfo(req, res, next) { try { - console.info('BO DELETE', config.OPEN_GROUP_REG, typeof config.OPEN_GROUP_REG); const ag = req.params.group; const result = await group.getPublicOne(ag); if(!result) throw Boom.notFound(ag); From 78e742db1fb33702d386d0e8521d3ba413035013 Mon Sep 17 00:00:00 2001 From: Bo Motlagh Date: Fri, 20 Sep 2024 13:36:26 -0400 Subject: [PATCH 4/4] triggering a build --- README.md | 1 - package.json | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index eab01b8..a82d21b 100644 --- a/README.md +++ b/README.md 
@@ -50,7 +50,6 @@ Contact us at [solution@unitedeffects.com](mailto:solution@unitedeffects.com) to * [Join our slack community!](https://docs.unitedeffects.com/docs/community-and-support) * [LinkedIn](https://www.linkedin.com/company/unitedeffects) -* [Twitter](https://twitter.com/ueffectsInc) * [Medium Blog](https://blog.unitedeffects.com) ## Investment Opportunities diff --git a/package.json b/package.json index 6c1d659..e216605 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "ue-auth", "altName": "UE-Auth", - "version": "1.43.9", + "version": "1.43.10", "description": "UE Auth is a multi-tenant OIDC Provider, User Management, B2B Product Access, and Roles/Permissions Management system intended to create a single hybrid solution to serve as Identity and Access for both self-registered B2C Apps and Enterprise B2B Solutions", "private": false, "license": "SEE LICENSE IN ./LICENSE.md",