UNPKG

@sap/xssec

Version:

XS Advanced Container Security API for node.js

60 lines (50 loc) 2.5 kB
const ConfigurationError = require("../error/configuration/ConfigurationError"); const SecurityContext = require("./SecurityContext"); /** * @typedef {import('../service/IdentityService')} IdentityService * @typedef {import('../token/IdentityServiceToken')} IdentityServiceToken * @typedef {import('../util/Types').SecurityContextConfig} SecurityContextConfig */ /** @extends {SecurityContext<IdentityService, IdentityServiceToken>} */ class IdentityServiceSecurityContext extends SecurityContext { /** * @param {IdentityService|null} service * @param {IdentityServiceToken} token * @param {SecurityContextConfig} [contextConfig] */ constructor(service, token, contextConfig) { super(service, token, contextConfig); } /** * Returns the service plans of the consumer application. * This method is only available if the context was created from an app2service token and a service with proof token validation enabled. * @returns {string[]} */ get servicePlans() { if(!this.service.hasProofTokenEnabled()) { throw new ConfigurationError("This property is only available on IdentityServiceSecurityContexts created on an IdentityService with proofToken validation enabled."); } return this.config.servicePlans; } /** * Checks whether the token from which this context was created is a token fetched by the OAuth 2.0 client for internal use. * This method requires the IdentityService instance to have x5t validation enabled. * @returns {boolean} true if the token was fetched via client credentials flow with the credentials of this context's IdentityService instance, false otherwise. */ isInternal() { if(!this.service.hasX5tEnabled()) { throw new ConfigurationError("This method is only available on IdentityServiceSecurityContexts created on an IdentityService instance with x5t validation enabled."); } return this.token.azp === this.service.credentials.clientid && this.token.subject === this.service.credentials.clientid && this.token.appTid === this.service.credentials.app_tid; } // Methods for backward-compatibility getUserInfo() { return { ...super.getUserInfo(), logonName: this.token.payload.user_name || this.token.email || this.token.payload.user_uuid || "", }; } } module.exports = IdentityServiceSecurityContext;