Merge pull request #240 from axa-group/ntk/bump

Bump dependencies

.eslintignore

@@ -1,4 +1,3 @@
 node_modules/
-TestResults/
 .vscode
 dist/

.eslintrc.json

@@ -2,11 +2,11 @@
   "root": true,
   "parser": "@typescript-eslint/parser",
   "parserOptions": {
-    "ecmaVersion": 2019,
+    "ecmaVersion": 2021,
     "sourceType": "module",
     "project": "./tsconfig.json"
   },
-  "plugins": ["@typescript-eslint", "import", "jest", "jsdoc"],
+  "plugins": ["@typescript-eslint", "import", "vitest", "jsdoc"],
   "extends": [
     "eslint:recommended",
     "plugin:@typescript-eslint/recommended",
@@ -15,7 +15,7 @@
     "plugin:import/warnings",
     "plugin:import/typescript",
     "plugin:jsdoc/recommended",
-    "plugin:jest/recommended",
+    "plugin:vitest/recommended",
     "plugin:prettier/recommended"
   ],
   "rules": {

.gitattributes

@@ -1,4 +1,2 @@
 # Auto detect text files and perform LF normalization
 * text=auto
-
-package.json text eol=lf

.github/workflows/main.yml

@@ -10,7 +10,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        node-version: [^14.15, ^16.13, ^18]
+        node-version: [^16.13, ^18.12, ^20]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v2

.gitignore

@@ -1,5 +1,5 @@
-node_modules/
-TestResults/
-.vscode
-.cache/
-dist/
+/node_modules/
+/coverage/
+/.vscode/
+/.cache/
+/dist/

.vscode/extensions.json

@@ -3,7 +3,5 @@
     "editorconfig.editorconfig",
     "dbaeumer.vscode-eslint",
     "esbenp.prettier-vscode",
-    "firsttris.vscode-jest-runner",
-    "redhat.vscode-yaml",
   ]
 }

CHANGELOG.md

@@ -4,7 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 
-## [5.0.2](https://github.com/axa-group/oauth2-mock-server/compare/v5.0.1...v5.0.2) — 2022-02-20
+## [6.0.0](https://github.com/axa-group/oauth2-mock-server/compare/v5.0.2...v6.0.0) — 2023-06-19
+
+### Changed
+
+- **Breaking:** No longer support Node.js 14
+- Fix authorize endpoint compliance (remove scope requirement, make state optional) (by [jirutka](https://github.com/jirutka))
+- Add support for Node.js 20
+- Update dependencies
+
+## [5.0.2](https://github.com/axa-group/oauth2-mock-server/compare/v5.0.1...v5.0.2) — 2023-02-20
 
 ### Security
 

README.md

@@ -13,7 +13,7 @@ The purpose of this package is to provide an easily configurable OAuth 2 server,
 
 ## Development prerequisites
 
-- [Node.js 14+](https://nodejs.org/)
+- [Node.js 16+](https://nodejs.org/)
 - [Yarn 1.15.2+](https://classic.yarnpkg.com/lang/en/)
 
 ## How to use

package.json

@@ -1,6 +1,6 @@
 {
   "name": "oauth2-mock-server",
-  "version": "5.0.2",
+  "version": "6.0.0",
   "description": "OAuth 2 mock server",
   "keywords": [
     "oauth",
@@ -19,7 +19,7 @@
   },
   "license": "MIT",
   "engines": {
-    "node": "^14.15 || ^16.13 || ^18",
+    "node": "^16.13 || ^18.12 || ^20",
     "yarn": "^1.15.2"
   },
   "repository": {
@@ -39,52 +39,46 @@
     "dist/**/*.*"
   ],
   "scripts": {
-    "build:clean": "rimraf ./dist",
-    "prebuild": "yarn build:clean",
+    "prebuild": "rimraf ./dist ./.cache",
     "build": "tsc -p ./tsconfig.build.json",
-    "cleanup:testresults": "rimraf TestResults",
     "prelint": "tsc --noEmit",
-    "lint": "eslint --cache --cache-location .cache/ --ext=.js,.ts src test --max-warnings 0",
+    "lint": "eslint --cache --cache-location .cache/ --ext=.ts src test --max-warnings 0",
     "prepack": "yarn build --tsBuildInfoFile null --incremental false",
-    "pretest": "yarn cleanup:testresults && yarn lint",
-    "test": "yarn jest"
+    "pretest": "yarn lint",
+    "test": "yarn vitest --run  --coverage"
   },
   "dependencies": {
     "basic-auth": "^2.0.1",
-    "body-parser": "^1.20.1",
     "cors": "^2.8.5",
     "express": "^4.18.2",
-    "jose": "^4.12.0",
+    "jose": "^4.14.4",
     "lodash.isplainobject": "^4.0.6",
     "uuid": "^9.0.0"
   },
   "devDependencies": {
     "@types/basic-auth": "^1.1.3",
     "@types/cors": "^2.8.13",
     "@types/express": "^4.17.17",
-    "@types/jest": "^29.4.0",
     "@types/lodash.isplainobject": "^4.0.7",
-    "@types/node": "^14.18.36",
+    "@types/node": "^16.18.28",
     "@types/supertest": "^2.0.12",
-    "@types/uuid": "^9.0.0",
-    "@typescript-eslint/eslint-plugin": "^5.52.0",
-    "@typescript-eslint/parser": "^5.52.0",
-    "eslint": "^8.34.0",
-    "eslint-config-prettier": "^8.6.0",
+    "@types/uuid": "^9.0.1",
+    "@typescript-eslint/eslint-plugin": "^5.59.7",
+    "@typescript-eslint/parser": "^5.59.7",
+    "@vitest/coverage-c8": "^0.31.1",
+    "eslint": "^8.41.0",
+    "eslint-config-prettier": "^8.8.0",
     "eslint-plugin-import": "^2.27.5",
-    "eslint-plugin-jest": "^27.2.1",
-    "eslint-plugin-jsdoc": "^40.0.0",
+    "eslint-plugin-jsdoc": "^45.0.0",
     "eslint-plugin-prettier": "^4.2.1",
-    "jest": "^29.4.3",
-    "jest-junit": "^14.0.0",
-    "prettier": "^2.8.4",
-    "rimraf": "^4.1.2",
+    "eslint-plugin-vitest": "^0.2.3",
+    "prettier": "^2.8.8",
+    "rimraf": "^5.0.1",
     "supertest": "^6.3.3",
-    "ts-jest": "^29.0.5",
-    "ts-node": "^10.9.1",
-    "typescript": "^4.9.5"
+    "typescript": "^5.0.4",
+    "vitest": "^0.31.1"
   },
   "resolutions": {
-    "@types/node": "^14"
+    "@types/node": "^16"
   }
 }

src/lib/helpers.ts

@@ -55,7 +55,6 @@ export function assertIsPlainObject(
   obj: unknown,
   errMessage: string
 ): asserts obj is Record<string, unknown> {
-  // eslint-disable-next-line @typescript-eslint/no-unsafe-call
   if (!isPlainObject(obj)) {
     throw new AssertionError({ message: errMessage });
   }
@@ -67,13 +66,13 @@ export function assertIsValidTokenRequest(
   assertIsPlainObject(body, 'Invalid token request body');
 
   if ('scope' in body) {
-    assertIsString(body.scope, "Invalid 'scope' type");
+    assertIsString(body['scope'], "Invalid 'scope' type");
   }
 
-  assertIsString(body.grant_type, "Invalid 'grant_type' type");
+  assertIsString(body['grant_type'], "Invalid 'grant_type' type");
 
   if ('code' in body) {
-    assertIsString(body.code, "Invalid 'code' type");
+    assertIsString(body['code'], "Invalid 'code' type");
   }
 }
 

src/lib/http-server.ts

@@ -15,7 +15,6 @@
 
 /**
  * HTTP Server library
- *
  * @module lib/http-server
  */
 
@@ -36,7 +35,6 @@ export class HttpServer {
 
   /**
    * Creates a new instance of HttpServer.
-   *
    * @param {RequestListener} requestListener The function that will handle the server's requests.
    * @param {HttpServerOptions} options Optional HttpServerOptions to start the server with https.
    */
@@ -53,7 +51,6 @@ export class HttpServer {
 
   /**
    * Returns a value indicating whether or not the server is listening for connections.
-   *
    * @type {boolean}
    */
   get listening(): boolean {
@@ -63,7 +60,6 @@ export class HttpServer {
   /**
    * Returns the bound address, family name and port where the server is listening,
    * or null if the server has not been started.
-   *
    * @returns {AddressInfo} The server bound address information.
    */
   address(): AddressInfo {
@@ -80,7 +76,6 @@ export class HttpServer {
 
   /**
    * Starts the server.
-   *
    * @param {number} [port] Port number. If omitted, it will be assigned by the operating system.
    * @param {string} [host] Host name.
    * @returns {Promise<void>} A promise that resolves when the server has been started.
@@ -100,7 +95,6 @@ export class HttpServer {
 
   /**
    * Stops the server.
-   *
    * @returns {Promise} Resolves when the server has been stopped.
    */
   async stop(): Promise<void> {

src/lib/jwk-store.ts

@@ -15,7 +15,6 @@
 
 /**
  * JWK Store library
- *
  * @module lib/jwk-store
  */
 
@@ -30,6 +29,7 @@ import {
 
 import { JWK } from './types';
 import { JWKWithKid } from './types-internals';
+import { AssertionError } from 'assert';
 
 const generateRandomKid = () => {
   return randomBytes(40).toString('hex');
@@ -93,14 +93,14 @@ function normalizeKeyKid(
   jwk: Record<string, unknown>,
   opts?: { kid?: string }
 ): asserts jwk is JWKWithKid {
-  if (jwk.kid !== undefined) {
+  if (jwk['kid'] !== undefined) {
     return;
   }
 
   if (opts !== undefined && opts.kid !== undefined) {
-    jwk.kid = opts.kid;
+    jwk['kid'] = opts.kid;
   } else {
-    jwk.kid = generateRandomKid();
+    jwk['kid'] = generateRandomKid();
   }
 }
 
@@ -119,7 +119,6 @@ export class JWKStore {
 
   /**
    * Generates a new random key and adds it into this keystore.
-   *
    * @param {string} alg The selected algorithm.
    * @param {object} [opts] The options.
    * @param {string} [opts.kid] The key identifier to use.
@@ -146,7 +145,6 @@ export class JWKStore {
 
   /**
    * Adds a JWK key to this keystore.
-   *
    * @param {object} maybeJwk The JWK key to add.
    * @returns {Promise<JWK>} The promise for the added key.
    */
@@ -181,7 +179,6 @@ export class JWKStore {
   /**
    * Gets a key from the keystore in a round-robin fashion.
    * If a 'kid' is provided, only keys that match will be taken into account.
-   *
    * @param {string} [kid] The optional key identifier to match keys against.
    * @returns {JWK.Key | null} The retrieved key.
    */
@@ -192,7 +189,6 @@ export class JWKStore {
   /**
    * Generates a JSON representation of this keystore, which conforms
    * to a JWK Set from {I-D.ietf-jose-json-web-key}.
-   *
    * @param {boolean} [includePrivateFields = false] `true` if the private fields
    *        of stored keys are to be included.
    * @returns {JWK[]} The JSON representation of this keystore.
@@ -235,6 +231,11 @@ class KeyRotator {
       }
 
       const cleaner = privateToPublicTransformerMap[key.alg];
+
+      if (cleaner === undefined) {
+        throw new Error(`Unsupported algo '{key.alg}'`);
+      }
+
       keys.push(cleaner(key));
     }
 
@@ -256,6 +257,12 @@ class KeyRotator {
   private moveToTheEnd(i: number): JWK {
     const [key] = this.#keys.splice(i, 1);
 
+    if (key === undefined) {
+      throw new AssertionError({
+        message: 'Unexpected error. key is supposed to exist',
+      });
+    }
+
     this.#keys.push(key);
 
     return key;