diff --git a/backend/package.json b/backend/package.json
index 4f9f4db13..832fdc346 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -58,7 +58,7 @@
 "minio": "8.0.1",
 "mysql": "2.18.1",
 "node-fetch": "2.7.0",
- "openid-client": "5.6.5",
+ "openid-client": "5.7.0",
 "pg": "8.13.0",
 "raw-body": "3.0.0",
 "reflect-metadata": "0.2.2",
diff --git a/backend/src/api/private/auth/oidc/oidc.controller.ts b/backend/src/api/private/auth/oidc/oidc.controller.ts
index ce7434054..82521494e 100644
--- a/backend/src/api/private/auth/oidc/oidc.controller.ts
+++ b/backend/src/api/private/auth/oidc/oidc.controller.ts
@@ -6,11 +6,13 @@
 import {
 Controller,
 Get,
+ InternalServerErrorException,
 Param,
 Redirect,
 Req,
 UnauthorizedException,
 } from '@nestjs/common';
+import { HttpException } from '@nestjs/common/exceptions/http.exception';
 import { ApiTags } from '@nestjs/swagger';
 import { IdentityService } from '../../../../identity/identity.service';
@@ -56,7 +58,7 @@ export class OidcController {
 @Get(':oidcIdentifier/callback')
 @Redirect()
- @OpenApi(201, 400, 401)
+ @OpenApi(201, 400, 401, 500)
 async callback(
 @Param('oidcIdentifier') oidcIdentifier: string,
 @Req() request: RequestWithSession,
@@ -68,7 +70,7 @@ export class OidcController {
 );
 const oidcUserIdentifier = request.session.providerUserId;
 if (!oidcUserIdentifier) {
- throw new Error('No OIDC user identifier found');
+ throw new UnauthorizedException('No OIDC user identifier found');
 }
 const identity = await this.oidcService.getExistingOidcIdentity(
 oidcIdentifier,
@@ -94,11 +96,14 @@ export class OidcController {
 return { url: '/new-user' };
 }
 } catch (error) {
+ if (error instanceof HttpException) {
+ throw error;
+ }
 this.logger.log(
- 'Error during OIDC callback:' + String(error),
+ 'Error during OIDC callback: ' + String(error),
 'callback',
 );
- throw new UnauthorizedException();
+ throw new InternalServerErrorException();
 }
 }
 }
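Review bot: The added `HttpException` import in `oidc.controller.ts` uses the deep path `@nestjs/common/exceptions/http.exception`, although the class is exported from the package root and the import list directly above already reads from `@nestjs/common`. Adding `HttpException,` to that existing list and dropping the separate import line avoids coupling to the package's internal file layout.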
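Review bot: In the `catch` block of `callback` in `oidc.controller.ts`, the new `if (error instanceof HttpException) { throw error; }` sits before the log call, so every rejected login that raises an `HttpException` inside the `try` (for example the new `UnauthorizedException('No OIDC user identifier found')`) leaves no trace from this handler. For an authentication endpoint those rejections are the events worth keeping, so log them before rethrowing. The unexpected-error path still uses `this.logger.log` with `String(error)`, which records neither a severity nor a stack; an error-level call that includes the stack would fit a 500, if the logger provides one. Errors from the OIDC library that the service does not convert to an `HttpException` (not visible here) now answer 500 instead of 401, so any alerting keyed on 401 should be checked. The method begins outside this hunk.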
diff --git a/backend/src/identity/oidc/oidc.service.ts b/backend/src/identity/oidc/oidc.service.ts
index 09b706f82..095264165 100644
--- a/backend/src/identity/oidc/oidc.service.ts
+++ b/backend/src/identity/oidc/oidc.service.ts
@@ -108,8 +108,8 @@ export class OidcService {
 };
 }
- // Update all client configs every sunday on 3:30 AM
- @Cron('30 3 * * 0')
+ // Update all client configs every day on 3:30 AM
+ @Cron('30 3 * * *')
 handleCronUpdateClientConfigs(): void {
 this.updateClientConfigs();
 }
@@ -188,8 +188,8 @@ export class OidcService {
 const state = request.session.oidcLoginState;
 const isAutodiscovered = clientConfig.config.authorizeUrl === undefined;
 const callbackMethod = isAutodiscovered
- ? client.callback.bind(this)
- : client.oauthCallback.bind(this);
+ ? client.callback.bind(client)
+ : client.oauthCallback.bind(client);
 const tokenSet = await callbackMethod(clientConfig.redirectUri, params, {
 // eslint-disable-next-line @typescript-eslint/naming-convention
 code_verifier: code,
diff --git a/yarn.lock b/yarn.lock
index e7f41f7d7..ee5a88b41 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2618,7 +2618,7 @@ __metadata: mocked-env: "npm:1.3.5" mysql: "npm:2.18.1" node-fetch: "npm:2.7.0" - openid-client: "npm:5.6.5" + openid-client: "npm:5.7.0" pg: "npm:8.13.0" prettier: "npm:3.3.3" raw-body: "npm:3.0.0"
@@ -13199,7 +13199,7 @@ __metadata: languageName: node linkType: hard -"jose@npm:^4.15.5": +"jose@npm:^4.15.9": version: 4.15.9 resolution: "jose@npm:4.15.9" checksum: 10c0/4ed4ddf4a029db04bd167f2215f65d7245e4dc5f36d7ac3c0126aab38d66309a9e692f52df88975d99429e357e5fd8bab340ff20baab544d17684dd1d940a0f4
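Review bot: `handleCronUpdateClientConfigs` in `oidc.service.ts` discards the return value of `this.updateClientConfigs()`, and with the schedule moving from weekly to daily a failing refresh would recur seven times as often. If `updateClientConfigs` is asynchronous (its definition is outside this hunk), a rejected discovery request becomes an unhandled rejection; attaching a `.catch` that logs the failure would make a stale or unreachable provider configuration visible. The comment could also read `// Refresh all OIDC client configs daily at 03:30` and say which time zone the cron expression is evaluated in.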
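Review bot: The `bind(client)` correction to `callbackMethod` in `oidc.service.ts` ships without a regression test, and a unit test that drives this callback path against a stubbed client would have caught the original `bind(this)`. The intermediate bound function can be dropped altogether by branching on the call itself, `isAutodiscovered ? client.callback(...) : client.oauthCallback(...)`, which leaves no receiver to get wrong. Since the surrounding lines read the login `state` from the session and pass `code` as `code_verifier`, it is worth confirming outside this hunk that both values are removed from the session once the exchange completes, so they stay single-use. The enclosing method starts and ends outside the hunk.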
@@ -15133,15 +15133,15 @@ __metadata: languageName: node linkType: hard -"openid-client@npm:5.6.5": - version: 5.6.5 - resolution: "openid-client@npm:5.6.5" +"openid-client@npm:5.7.0": + version: 5.7.0 + resolution: "openid-client@npm:5.7.0" dependencies: - jose: "npm:^4.15.5" + jose: "npm:^4.15.9" lru-cache: "npm:^6.0.0" object-hash: "npm:^2.2.0" oidc-token-hash: "npm:^5.0.3" - checksum: 10c0/4308dcd37a9ffb1efc2ede0bc556ae42ccc2569e71baa52a03ddfa44407bf403d4534286f6f571381c5eaa1845c609ed699a5eb0d350acfb8c3bacb72c2a6890 + checksum: 10c0/02e42c66415581262c0372e178dba2bc958f1b5cfd2eb502b4f71b7718fc11dfac37b12117b1c73cff5dc80f5871cd830e175aae95ae212fbd353f3efa1de091 languageName: node linkType: hard