Feature/72 (#86)

* OAuth2 Implicit Grant call is working again. Token Introspection page works with implicit grant results.

* All functionality working with the OAuth2 Authorization Grant.

* OAuth2 Implicity Grant automated test.

* Docker-based test suite is now working with the OAuth2 Implicit Grant.

* Added logout test to the OAuth2 Implicit Grant test.

* Updating docker-compose file name for containerized tests. Updated environment file path.

* Adding repo checkout back into tests pipeline.

* Added logout step to OAuth2 Authorization Code test.

* OIDC Authorization Code Flow (Public Client) test working with token detail page tests for all token types.

* Refresh Token control and results display now works when you return from token_detail or userinfo views. Userinfo has a backend processing option and works correctly with POST method.

* Updated oidc_authorization_code.js test script to make a token refresh call and validate the tokens received.

* Successful local test of oidc_authorization_code.

* Tests that currently work.

* Copy new test files for selelium tests.

Author: rcbjBlueMars

api/package.json

@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "private": true,
   "description": "idptools client project",
-  "author": "Robert C. Broeckelmann Jr. <robert@iyasec.io>",
+  "author": "Robert C. Broeckelmann Jr. <info@iyasec.io>",
   "scripts": {
     "start": "node server.js"
   },

api/server.js

@@ -1,8 +1,3 @@
-// File: server.js
-// Author: Robert C. Broeckelmann Jr.
-// Date: 05/31/2020
-// Notes:
-//
 'use strict';
 
 var appconfig = require(process.env.CONFIG_FILE);
@@ -20,17 +15,31 @@ const HOST = appconfig.host || '0.0.0.0';
 const LOG_LEVEL = appconfig.logLevel || 'debug';
 const uiUrl = appconfig.uiUrl || 'http://localhost:3000';
 
+const STATUS_200 = 200;
+const STATUS_400 = 400;
+const STATUS_401 = 401;
+const STATUS_403 = 403;
+const STATUS_404 = 404;
+const STATUS_500 = 500;
+
 var log = bunyan.createLogger({ name: 'server',
                                 level: LOG_LEVEL });
 log.info("Log initialized. logLevel=" + log.level());
 
+var claimDescriptions = "";
+var cachedClaimDescriptions = false;
+
 const app = express();
 const expressSwagger = require('express-swagger-generator')(app);
 
 app.use(bodyParser.json());
+var corsOptions = {
+  origin: '*',
+  optionsSuccessStatus: 204
+};
 // app.use(expressLogging(logger));
-app.options('*', cors());
-app.use(cors());
+app.options("*", cors(corsOptions));
+app.use(cors(corsOptions));
 
 /**
  * @typedef HealthcheckResponse
@@ -45,28 +54,70 @@ app.use(cors());
  * @returns {Error.model} 500 - Unexpected error
  */
 app.get('/healthcheck', function (req, res) {
-  res.json({ message: 'Success' });
+  res
+  .status(STATUS_200)
+  .json({ message: 'Success' });
 });
 
 /**
- * System healthcheck
+ * Retrieve Claims Description.
  * @route GET /claimdescription
  * @group Metadata - Support operations
  * @returns {HealthcheckResponse.model} 200 - Claim Description Response
  * @returns {Error.model} 400 - Syntax error
  * @returns {Error.model} 500 - Unexpected error
  */
 app.get('/claimdescription', function(req, res) {
-  fetch("https://www.iana.org/assignments/jwt/jwt.xml")
-  .then((response) => {
-    response.text()
-    .then( (text) => {
-      log.debug("Retrieved: " + text);
+  console.log("Entering GET /claimdescription.");
+  try {
+    if(cachedClaimDescriptions) {
+      console.debug("Using cached claim descriptions.");
       res
       .append('Content-Type', 'application/xml')
-      .send(text)
+      .status(STATUS_200)
+      .send(claimDescriptions);
+    } else {
+      log.debug("Pulling claim descriptions");
+      fetch("https://www.iana.org/assignments/jwt/jwt.xml")
+      .then((response) => {
+        response
+        .text()
+        .then( (text) => {
+          log.debug("Retrieved: " + text);
+          res
+          .append('Content-Type', 'application/xml')
+          .send(text);
+          cachedClaimDescriptions = true;
+          claimDescriptions = text;
+        });
+      })
+      .catch(function (error) {
+        log.error('Error from claimsdescription endpoint: ' + error.stack);
+      if(!!error.response) {
+        if(!!error.response.status) {
+          log.error("Error Status: " + error.response.status);
+        }
+        if(!!error.response.data) {
+          log.error("Error Response body: " + JSON.stringify(error.response.data));
+        }
+        if(!!error.response.headers) {
+          log.error("Error Response headers: " + error.response.headers);
+        }
+        if (!!error.response) {
+          res.status(error.response.status);
+          res.json(error.response.data);
+        } else {
+          res.status(STATUS_500);
+          res.json(error.message);
+        }
+      }
     });
-  });
+   }
+  } catch(e) {
+    log.error("An error occurred while retrieving the claim description XML: " + e.stack);
+    res.status(STATUS_500)
+       .render('error', { error: e });
+  }
 });
 
 /**
@@ -176,11 +227,158 @@ app.post('/token', (req, res) => {
     });
   } catch (e) {
     log.error('An error occurred: ' + e);
-    res.status(500);
+    res.status(STATUS_500);
     res.json({ "error": e });
   }
 });
 
+/**
+ * @typedef IntrospectionRequest
+ * @property {string} grant_type.required - The OAuth2 / OIDC Grant / Flow Type
+ * @property {string} client_id.required - The OAuth2 client identifier
+ */
+
+/**
+ * @typedef IntrospectionResponse
+ * @property {string} access_token.required - The OAuth2 Access Token
+ * @property {string} id_token - The OpenID Connect ID Token
+ */
+
+/**
+ * Wrapper around OAuth2 Introspection Endpoint
+ * @route POST /introspection
+ * @group Debugger - Operations for OAuth2/OIDC Debugger
+ * @param {IntrospectionRequest.model} req.body.required - Token Endpoint Request
+ * @returns {IntrospectionResponse.model} 200 - Token Endpoint Response
+ * @returns {Error.model} 400 - Syntax error
+ * @returns {Error.model} 500 - Unexpected error
+ */
+app.post('/introspection', (req, res) => {
+try {
+  log.info('Entering app.post for /introspection.');
+  const body = req.body;
+  log.debug('body: ' + JSON.stringify(body));
+  var headers = {
+    "Authorization": req.headers.authorization,
+    "Content-Type": "application/x-www-form-urlencoded"
+  };
+  var introspectionRequestMessage = {
+    token: body.token,
+    token_type_hint: body.token_type_hint
+  }
+  const parameterString = JSON.stringify(introspectionRequestMessage);
+  log.debug("Method: POST");
+  log.debug("URL: " + body.introspectionEndpoint);
+  log.debug("headers: " + JSON.stringify(headers));
+  log.debug("body: " + parameterString);
+  axios({
+      method: 'post',
+      url: body.introspectionEndpoint,
+      headers: headers,
+      data: introspectionRequestMessage,
+      httpsAgent: new (require('https').Agent)({ rejectUnauthorized: true })
+    })
+    .then(function (response) {
+      log.debug('Response from OAuth2 Introspection Endpoint: ' + JSON.stringify(response.data));
+      log.debug('Headers: ' + response.headers);
+      res.status(response.status);
+      res.json(response.data);
+    })
+    .catch(function (error) {
+      log.error('Error from OAuth2 Introspection Endpoint: ' + error);
+      if(!!error.response) {
+        if(!!error.response.status) {
+          log.error("Error Status: " + error.response.status);
+        }
+        if(!!error.response.data) {
+          log.error("Error Response body: " + JSON.stringify(error.response.data));
+        }
+        if(!!error.response.headers) {
+          log.error("Error Response headers: " + error.response.headers);
+        }
+        if (!!error.response) {
+          res.status(error.response.status);
+          res.json(error.response.data);
+        } else {
+          res.status(STATUS_500);
+          res.json(error.message);
+        }
+      }
+    });
+  } catch(e) {
+    log.error("Error from OAuth2 Introspection Endpoint: " + error);
+  }
+});
+
+app.post('/userinfo', (req, res) => {
+  log.info('Entering app.post for /userinfo.');
+  userinfo_common(req, res);
+  log.debug("Leaving app.post for /userinfo.");
+});
+
+/**
+ * Wrapper around OIDC UserInfo Endpoint
+ * @route POST /userinfo
+ * @group Debugger - Operations for OAuth2/OIDC Debugger
+ * @param {UserInfoRequest.model} req.body.required - UserInfo Endpoint Request
+ * @returns {UserInfoResponse.model} 200 - UserInfo Endpoint Response
+ * @returns {Error.model} 400 - Syntax error
+ * @returns {Error.model} 500 - Unexpected error
+ */
+app.get('/userinfo', (req, res) => {
+  log.info("Entering app.get for /userinfo.");
+  userinfo_common(req, res);
+  log.debug("Leaving app.get for /userinfo.");
+});
+
+function userinfo_common(req, res) {
+try {
+  log.info('Entering app.get for /userinfo.');
+  var headers = {
+    "Authorization": req.headers.authorization,
+  };
+  // All types of requests are converted to GET.
+  log.debug("Method: GET");
+  log.debug("URL: " + Buffer.from(req.query.userinfo_endpoint, 'base64').toString('utf-8'));
+  log.debug("headers: " + JSON.stringify(headers));
+  axios({
+      method: 'get',
+      url: Buffer.from(req.query.userinfo_endpoint, 'base64').toString('utf-8'),
+      headers: headers,
+      httpsAgent: new (require('https').Agent)({ rejectUnauthorized: true })
+    })
+    .then(function (response) {
+      log.debug('Response from OIDC UserInfo Endpoint: ' + JSON.stringify(response.data));
+      log.debug('Headers: ' + response.headers);
+      res.status(response.status);
+      res.json(response.data);
+    })
+    .catch(function (error) {
+      log.error('Error from OIDC UserInfo Endpoint: ' + error);
+      if(!!error.response) {
+        if(!!error.response.status) {
+          log.error("Error Status: " + error.response.status);
+        }
+        if(!!error.response.data) {
+          log.error("Error Response body: " + JSON.stringify(error.response.data));
+        }
+        if(!!error.response.headers) {
+          log.error("Error Response headers: " + error.response.headers);
+        }
+        if (!!error.response) {
+          res.status(error.response.status);
+          res.json(error.response.data);
+        } else {
+          res.status(STATUS_500);
+          res.json(error.message);
+        }
+      }
+    });
+  } catch(e) {
+    log.error("Error from OIDC UserInfo Endpoint: " + error);
+  }
+}
+
 let options = {
     swaggerDefinition: {
         info: {
@@ -200,7 +398,6 @@ let options = {
     basedir: __dirname, //app absolute path
     files: ['server.js'] //Path to the API handle folder
 };
-
 expressSwagger(options)
 app.listen(PORT, HOST);
 log.info(`Running on http://${HOST}:${PORT}`);

client/public/debugger.html

@@ -21,20 +21,22 @@
   <body>
 
 <div class="header_debugger">
-  <a href="/index.html" class="logo">IDPTools</a>
+  <a href="/index.html" class="logo" onclick="return debugger.clickLink();">IDPTools</a>
   <div class="header-right">
-    <a class="active" href="#home">Home</a>
-    <a href="#contact">Contact</a>
-    <a href="#about">About</a>
+    <a class="active" href="#home" onclick="return debugger.clickLink();">Home</a>
+    <a href="#contact" onclick="return debugger.clickLink();">Contact</a>
+    <a href="#about" onclick="return debugger.clickLink();">About</a>
   </div>
 </div>
 
     <div class="container">
 
 <script type="text/javascript" src="/js/debugger.js">
 </script>
-<p>This is a simple Client to use with any <a href="https://medium.com/@robert.broeckelmann/saml2-vs-jwt-understanding-oauth2-4abde9e7ec8b">OAuth2</a> or <a href="https://medium.com/@robert.broeckelmann/understanding-openid-connect-series-37c93d25e92b">OpenID Connect</a> compliant identity provider..
+<p>This is a simple Client to use with any <a href="https://medium.com/@robert.broeckelmann/saml2-vs-jwt-understanding-oauth2-4abde9e7ec8b" onclick="return debugger.clickLink();">OAuth2</a> or <a href="https://medium.com/@robert.broeckelmann/understanding-openid-connect-series-37c93d25e92b" onclick="return debugger.clickLink();">OpenID Connect</a> compliant identity provider.
 </p>
+<P><a href="https://www.rfc-editor.org/rfc/rfc6749" onclick="return debugger.clickLink();">OAuth2 RFC</a></P>
+<P><a hreef="https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest">OIDC Spec</a></P>
 <p>This page manages interaction with the OAuth2 Authorization Endpoint.</p>
 <div class="step0" id="step0">
     <legend>OpenID Connect Discovery Endpoint Information
@@ -47,7 +49,7 @@
       <table border="0">
           <tr>
             <td>&nbsp;</td>
-            <td><p>An OIDC Discovery endpoint uses a path that ends in /.well-known/openid-configuration. See the <a href="https://openid.net/specs/openid-connect-discovery-1_0.html">spec</spec>.<p></td>
+            <td><p>An OIDC Discovery endpoint uses a path that ends in /.well-known/openid-configuration. See the <a href="https://openid.net/specs/openid-connect-discovery-1_0.html" onclick="return debugger.clickLink();">spec</a>.<p></td>
           </tr>
           <tr>
             <td>
@@ -149,7 +151,7 @@
               </div>
             </td>
             <td>
-              <input class="stored" id="jwks_endpoint" name="jwks_endpoint" type="text" max="150" /><a href="/jwks.html">Review JWKS meta data</a>
+              <input class="stored" id="jwks_endpoint" name="jwks_endpoint" type="text" max="150" /><a href="/jwks.html" onclick="return debugger.clickLink();">Review JWKS meta data</a>
             </td>
           </tr>
           <tr>
@@ -159,7 +161,7 @@
             </td>
             <td>Yes 
               <input checked="true" id="yesCheckOIDCArtifacts" name="yesno" onclick="debug.displayOIDCArtifacts();" type="radio" value="true" />No 
-              <input id="noCheckOIDCArtifacts" name="yesno" onclick="debug.displayOIDCArtifacts();" type="radio" value="false" />
+              <input checked="false" id="noCheckOIDCArtifacts" name="yesno" onclick="debug.displayOIDCArtifacts();" type="radio" value="false" />
             </td>
           </tr>
           <tr>
@@ -169,7 +171,7 @@
             </td>
             <td>Yes 
               <input checked="true" id="SSLValidate-yes" name="sslValidation" type="radio" value="true" />No 
-              <input id="SSLValidate-no" name="sslValidation" type="radio" value="false" />
+              <input checked="false" id="SSLValidate-no" name="sslValidation" type="radio" value="false" />
             </td>
           </tr>
           <tr>
@@ -179,7 +181,7 @@
             </td>
             <td>Yes 
               <input checked="true" id="useRefreshToken-yes" name="useRefreshToken" onclick="debug.useRefreshTokens();" type="radio" value="true" />No 
-              <input id="useRefreshToken-no" name="useRefreshToken" onclick="debug.useRefreshTokens();" type="radio" value="false" />
+              <input checked="false" id="useRefreshToken-no" name="useRefreshToken" onclick="debug.useRefreshTokens();" type="radio" value="false" />
             </td>
           </tr>
           <tr>
@@ -189,7 +191,7 @@
             </td>
             <td>Yes
               <input checked="true" id="usePKCE-yes" name="usePKCE" onclick="debug.usePKCERFC();" type="radio" value="true" />No
-              <input id="usePKCE-no" name="usePKCE" onclick="debug.usePKCERFC();" type="radio" value="false" />
+              <input checked="false" id="usePKCE-no" name="usePKCE" onclick="debug.usePKCERFC();" type="radio" value="false" />
             </td>
           </tr>
         </tbody>
@@ -357,11 +359,11 @@
 </div>
 
 <div class="footer_debugger">
-  <a href="/index.html" class="logo">IDPTools</a>
+  <a href="/index.html" class="logo" onclick="return debugger.clickLink();">IDPTools</a>
   <div class="header-right">
-    <a class="active" href="#home">Home</a>
-    <a href="#contact">Contact</a>
-    <a href="#about">About</a>
+    <a class="active" href="#home" onclick="return debugger.clickLink();">Home</a>
+    <a href="#contact" onclick="return debugger.clickLink();">Contact</a>
+    <a href="#about" onclick="return debugger.clickLink();">About</a>
   </div>
 </div>
 <link rel="apple-touch-icon" sizes="57x57" href="/apple-icon-57x57.png">