feat: support patching of user info

Bumps [nodemon](https://github.com/remy/nodemon) from 3.0.3 to 3.1.0.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v3.0.3...v3.1.0)

.gitlab-ci.yml

@@ -16,7 +16,7 @@ image: buildtool/build-tools:${BUILDTOOLS_VERSION}
 build:
   stage: build
   services:
-  - docker:dind
+  - docker:${DOCKER_DIND_VERSION}
   script:
   - build
   - push

.gitlab/dependabot.yml

@@ -1,17 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-- package-ecosystem: "npm"
-  directory: "/"
-  schedule:
-    interval: "daily"
-  open-pull-requests-limit: 20
-- package-ecosystem: "docker"
-  directory: "/"
-  schedule:
-    interval: "daily"
-  open-pull-requests-limit: 20

.nvmrc

@@ -0,0 +1 @@
+20

.prettierignore

@@ -0,0 +1,2 @@
+*.yaml
+*.yml

.prettierrc

@@ -0,0 +1,9 @@
+{
+  "semi": false,
+  "singleQuote": true,
+  "trailingComma": "none",
+  "arrowParens": "always",
+  "quoteProps": "as-needed",
+  "bracketSpacing": true,
+  "bracketSameLine": false
+}

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:18
+FROM node:20
 ENV AUDIENCE "https://shiny.unbound.se"
 ENV ORIGIN_HOST "auth0mock"
 ENV ORIGIN "https://auth0mock:3333"
@@ -6,7 +6,7 @@ EXPOSE 3333
 WORKDIR /app
 ADD package.json yarn.lock /app/
 RUN yarn install --frozen-lockfile
-ADD app.js cert.js /app/
+ADD *.js /app/
 ADD public /app/public
 RUN mkdir -p /root/.config
 ENTRYPOINT yarn start

README.md

@@ -3,47 +3,68 @@
 > This server helps you to simulate auth0 server locally. So, you are able to use the `/tokeninfo` endpoint to verify your token.
 
 ## Getting Started
-### Prerequisites
-* Install [Node.js](http://nodejs.org)
-    * on OSX use [homebrew](http://brew.sh) `brew install node`
-    * on Windows use [chocolatey](https://chocolatey.org/) `choco install nodejs`
 
+### Prerequisites
+
+- Install [Node.js](http://nodejs.org)
+  - on OSX use [homebrew](http://brew.sh) `brew install node`
+  - on Windows use [chocolatey](https://chocolatey.org/) `choco install nodejs`
 
 ## Installing
-* `fork` this repo
-* `clone` your fork
-* `npm install` to install all dependencies
+
+- `fork` this repo
+- `clone` your fork
+- `npm install` to install all dependencies
 
 ## Running the app
+
 After you have installed all dependencies you can now run the app.
 Run `npm start` to start a local server.
 The port will be displayed to you as `http://0.0.0.0:3333` (or if you prefer IPv6, if you're using `express` server, then it's `http://[::1]:3333/`).
 
+## Initial users
+
+Adding a JSON file with the following layout will populate the users store when starting:
+
+```json
+{
+  "email@test.com": {
+    "given_name": "name",
+    "family_name": "family",
+    "user_id": "id"
+  }
+}
+```
+
+By default `./users.json` will be read but this can be overridden by setting the environment variable `USERS_FILE`.
 
 ## API Documentation
 
 ### `GET` /token/:username
+
 Returns a token with the given user(username). This token can the be used by your application.
 
 ### `POST` /tokeninfo
+
 Returns the data of the token like the username.
 
 **Body**
+
 ```
 {
     "id_token": "your-token-kjasdf6ashasl..."
 }
 ```
 
-
 ## Related Projects
-* [express-typescript-boilerplate](https://github.com/w3tecch/express-typescript-boilerplate) - Boilerplate for an restful express-apllication written in TypeScript
-* [express-graphql-typescript-boilerplate](https://github.com/w3tecch/express-graphql-typescript-boilerplate) - A starter kit for building amazing GraphQL API's with TypeScript and express by @w3tecch
 
+- [express-typescript-boilerplate](https://github.com/w3tecch/express-typescript-boilerplate) - Boilerplate for an restful express-apllication written in TypeScript
+- [express-graphql-typescript-boilerplate](https://github.com/w3tecch/express-graphql-typescript-boilerplate) - A starter kit for building amazing GraphQL API's with TypeScript and express by @w3tecch
 
 ## License
+
 [MIT](/LICENSE)
 
-
 ---
-Made with ♥ by Gery Hirschfeld ([@GeryHirschfeld1](https://twitter.com/GeryHirschfeld1))
+
+Made with ♥ by Gery Hirschfeld ([@GeryHirschfeld1](https://twitter.com/GeryHirschfeld1))

app.js

@@ -10,17 +10,20 @@ const cors = require('cors')
 const bodyParser = require('body-parser')
 const favicon = require('serve-favicon')
 const cert = require('./cert')
+const initialUsers = require('./users')
 
 let issuer = process.env.ISSUER || 'localhost:3333'
 let jwksOrigin = `https://${issuer}/`
 const audience = process.env.AUDIENCE || 'https://generic-audience'
-const adminCustomClaim = process.env.ADMIN_CUSTOM_CLAIM || 'https://unbound.se/admin'
-const emailCustomClaim = process.env.EMAIL_CUSTOM_CLAIM || 'https://unbound.se/email'
+const adminCustomClaim =
+  process.env.ADMIN_CUSTOM_CLAIM || 'https://unbound.se/admin'
+const emailCustomClaim =
+  process.env.EMAIL_CUSTOM_CLAIM || 'https://unbound.se/email'
 
 const debug = Debug('app')
 
 let { privateKey, certDer, thumbprint, exponent, modulus } = cert(jwksOrigin)
-
+const users = initialUsers(process.env.USERS_FILE || './users.json')
 const sessions = {}
 const challenges = {}
 
@@ -37,7 +40,6 @@ const addCustomClaims = (email, customClaims, token) => {
       ...claim
     }
   }, token)
-
 }
 
 const signToken = (token) => {
@@ -48,7 +50,8 @@ const signToken = (token) => {
 }
 
 // Configure our small auth0-mock-server
-app.options('*', cors(corsOpts))
+app
+  .options('*', cors(corsOpts))
   .use(cors())
   .use(bodyParser.json({ strict: false }))
   .use(bodyParser.urlencoded({ extended: true }))
@@ -91,26 +94,34 @@ app.post('/oauth/token', (req, res) => {
   } else if (req.body.code) {
     const code = req.body.code
     const session = sessions[code]
-    let accessToken = signToken(addCustomClaims(session.email, session.customClaims, {
-      iss: jwksOrigin,
-      aud: [audience],
-      sub: 'auth0|' + session.email,
-      iat: date,
-      exp: date + 7200,
-      azp: session.clientId
-    }))
+    let accessToken = signToken(
+      addCustomClaims(session.email, session.customClaims, {
+        iss: jwksOrigin,
+        aud: [audience],
+        sub: 'auth0|' + session.email,
+        iat: date,
+        exp: date + 7200,
+        azp: session.clientId
+      })
+    )
 
-    let idToken = signToken(addCustomClaims(session.email, session.customClaims, {
-      iss: jwksOrigin,
-      aud: session.clientId,
-      nonce: session.nonce,
-      sub: 'auth0|' + session.email,
-      iat: date,
-      exp: date + 7200,
-      azp: session.clientId,
-      name: 'Example Person',
-      picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
-    }))
+    let idToken = signToken(
+      addCustomClaims(session.email, session.customClaims, {
+        iss: jwksOrigin,
+        aud: session.clientId,
+        nonce: session.nonce,
+        sub: 'auth0|' + session.email,
+        iat: date,
+        exp: date + 7200,
+        azp: session.clientId,
+        name: 'Example Person',
+        given_name: 'Example',
+        family_name: 'Person',
+        email: session.email,
+        picture:
+          'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
+      })
+    )
 
     debug('Signed token for ' + session.email)
 
@@ -133,9 +144,12 @@ app.get('/token/:email', (req, res) => {
     debug('No user was given!')
     return res.status(400).send('user is missing')
   }
-  const token = jwt.sign({
-    user_id: 'auth0|' + req.params.email
-  }, privateKey)
+  const token = jwt.sign(
+    {
+      user_id: 'auth0|' + req.params.email
+    },
+    privateKey
+  )
   debug('Signed token for ' + req.params.email)
   res.json({ token })
 })
@@ -160,7 +174,9 @@ app.post('/code', (req, res) => {
     codeChallenge: req.body.codeChallenge,
     customClaims: [claim]
   }
-  res.redirect(`${req.body.redirect}?domain=${issuer}&code=${code}&state=${encodeURIComponent(state)}`)
+  res.redirect(
+    `${req.body.redirect}?code=${code}&state=${encodeURIComponent(state)}`
+  )
 })
 
 app.get('/authorize', (req, res) => {
@@ -171,13 +187,26 @@ app.get('/authorize', (req, res) => {
   const codeChallenge = req.query.code_challenge
   const prompt = req.query.prompt
   const responseMode = req.query.response_mode
+  if (responseMode === 'query') {
+    const code = req.cookies['auth0']
+    const session = sessions[code]
+    if (session) {
+      session.nonce = nonce
+      session.state = state
+      session.codeChallenge = codeChallenge
+      sessions[codeChallenge] = session
+      res.redirect(`${redirect}?code=${codeChallenge}&state=${state}`)
+      return
+    }
+  }
   if (prompt === 'none' && responseMode === 'web_message') {
     const code = req.cookies['auth0']
     const session = sessions[code]
-    session.nonce = nonce
-    session.state = state
-    session.codeChallenge = codeChallenge
-    res.send(`
+    if (session) {
+      session.nonce = nonce
+      session.state = state
+      session.codeChallenge = codeChallenge
+      res.send(`
 <!DOCTYPE html>
 <html>
   <body>
@@ -195,13 +224,16 @@ app.get('/authorize', (req, res) => {
   </script>
   </body>
 </html>`)
-  } else {
-    res.cookie('auth0', codeChallenge, {
-      sameSite: 'None',
-      secure: true,
-      httpOnly: true
-    })
-    res.send(`
+      return
+    }
+  }
+
+  res.cookie('auth0', codeChallenge, {
+    sameSite: 'None',
+    secure: true,
+    httpOnly: true
+  })
+  res.send(`
 <html lang='en'>
   <head>
     <meta charset='utf-8'>
@@ -242,21 +274,29 @@ app.get('/authorize', (req, res) => {
   </body>
 </html>
 `)
-  }
 })
 
 app.get('/userinfo', (req, res) => {
-  res.contentType('application/json').send(JSON.stringify({ picture: 'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg' }))
+  res.contentType('application/json').send(
+    JSON.stringify({
+      picture:
+        'https://cdn.playbuzz.com/cdn/5458360f-32ea-460e-a707-1a2d26760558/70bda687-cb84-4756-8a44-8cf735ed87b3.jpg'
+    })
+  )
 })
 
 app.get('/v2/logout', (req, res) => {
-  res.redirect(`${req.query.returnTo}?domain=${issuer}`)
+  const code = req.cookies['auth0']
+  const session = sessions[code]
+  if (session) {
+    delete sessions[code]
+  }
+  res.redirect(req.query.returnTo)
 })
 
 app.get('/.well-known/jwks.json', (req, res) => {
-  res
-    .contentType('application/json')
-    .send(JSON.stringify({
+  res.contentType('application/json').send(
+    JSON.stringify({
       keys: [
         {
           alg: 'RS256',
@@ -270,7 +310,8 @@ app.get('/.well-known/jwks.json', (req, res) => {
           x5t: thumbprint
         }
       ]
-    }))
+    })
+  )
 })
 
 // This route returns the inside of a jwt-token. Your main application
@@ -297,7 +338,13 @@ app.post('/issuer', (req, res) => {
   }
   issuer = req.body.issuer
   jwksOrigin = `https://${issuer}/`
-  const { privateKey: key, certDer: der, thumbprint: thumb, exponent: exp, modulus: mod } = cert(jwksOrigin)
+  const {
+    privateKey: key,
+    certDer: der,
+    thumbprint: thumb,
+    exponent: exp,
+    modulus: mod
+  } = cert(jwksOrigin)
   privateKey = key
   certDer = der
   thumbprint = thumb
@@ -308,11 +355,44 @@ app.post('/issuer', (req, res) => {
 })
 
 app.get('/api/v2/users-by-email', (req, res) => {
-  res.json([])
+  const email = req.query.email
+  console.log('users', users)
+  const user = users[email]
+  if (user === undefined) {
+    res.json([])
+  } else {
+    res.json([user])
+  }
+})
+
+app.patch('/api/v2/users/:userid', (req, res) => {
+  const email = req.params.userid.slice(6)
+  console.log('patching user with id', email)
+  const user = users[email]
+  if (!user) {
+    res.sendStatus(404)
+    return
+  }
+  users[email] = {
+    email: email,
+    given_name: req.body.given_name || user.given_name,
+    family_name: req.body.family_name || user.family_name,
+    user_id: email,
+    picture: req.body.picture || user.picture
+  }
+  res.json({
+    user_id: `auth0|${email}`
+  })
 })
 
 app.post('/api/v2/users', (req, res) => {
   const email = req.body.email
+  users[email] = {
+    email: email,
+    given_name: 'Given',
+    family_name: 'Last',
+    user_id: email
+  }
   res.json({
     user_id: `auth0|${email}`
   })
@@ -324,7 +404,7 @@ app.post('/api/v2/tickets/password-change', (req, res) => {
   })
 })
 
-app.use(function(req, res, next) {
+app.use(function (req, res, next) {
   console.log('404', req.path)
   res.status(404).send('error: 404 Not Found ' + req.path)
 })

cert.js

@@ -43,11 +43,7 @@ const PUBLIC_KEY_PEM =
   'HwIDAQAB\n' +
   '-----END PUBLIC KEY-----\n'
 
-const createCertificate = ({
-                             publicKey,
-                             privateKey,
-                             jwksOrigin
-                           }) => {
+const createCertificate = ({ publicKey, privateKey, jwksOrigin }) => {
   const cert = forge.pki.createCertificate()
   cert.publicKey = publicKey
   cert.serialNumber = '123'

k8s/deploy.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: auth0mock
-          image: registry.gitlab.com/unboundsoftware/shiny/auth0mock:${COMMIT}
+          image: registry.gitlab.com/unboundsoftware/auth0mock:${COMMIT}
           imagePullPolicy: "IfNotPresent"
           resources:
             requests:

package.json

@@ -6,23 +6,29 @@
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
     "dev": "nodemon ./app.js",
-    "start": "node ./app.js"
+    "start": "node ./app.js",
+    "lint:prettier": "prettier --check .",
+    "lint": "yarn lint:prettier",
+    "lintfix": "prettier --write --list-different ."
   },
   "author": "",
   "license": "MIT",
   "dependencies": {
     "base64-url": "^2.3.3",
-    "body-parser": "^1.20.0",
+    "body-parser": "^1.20.2",
     "buffer": "^6.0.3",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.3",
     "debug": "^4.3.4",
-    "express": "^4.18.0",
+    "express": "^4.18.2",
     "https-localhost": "^4.7.1",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.2",
     "node-forge": "^1.3.1",
     "node-rsa": "^1.1.1",
-    "nodemon": "^2.0.15",
+    "nodemon": "^3.1.0",
     "serve-favicon": "^2.4.2"
+  },
+  "devDependencies": {
+    "prettier": "^3.2.5"
   }
 }

renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ]
+}

users.js

@@ -0,0 +1,18 @@
+const fs = require('fs')
+
+const setup = (usersFile) => {
+  let users = {}
+  if (fs.existsSync(usersFile)) {
+    console.log(`initial users file "${usersFile}" exists, reading`)
+    const read = fs.readFileSync(usersFile, { encoding: 'utf8', flag: 'r' })
+    users = JSON.parse(read)
+    for (let key of Object.keys(users)) {
+      users[key] = { ...users[key], email: key }
+    }
+    console.log('users:', users)
+  } else {
+    console.log(`initial users file "${usersFile}" missing`)
+  }
+  return users
+}
+module.exports = setup