actions
/
toolkit
mirror of https://github.com/actions/toolkit
1
0
Fork 0
Code

Resolved comments

pull/887/head
Sourav Chanduka 2021-07-28 15:41:37 +05:30
parent 330dc0b5b8
commit 662a937248
6 changed files with 52 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
packages/oidc-client/dist/index.js vendored
View File

@ -3,12 +3,13 @@ require('./sourcemap-register.js');module.exports =
/******/ var __webpack_modules__ = ({ /******/ var __webpack_modules__ = ({
/***/ 463: /***/ 463:
/***/ ((__unused_webpack_module, exports) => { /***/ ((__unused_webpack_module, exports, __webpack_require__) => {
"use strict"; "use strict";
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getIDTokenFromEnv = exports.getIDTokenUrl = exports.getRuntimeToken = void 0; exports.getRuntimeToken = exports.getIDTokenUrl = void 0;
const utils_1 = __webpack_require__(519);
function getRuntimeToken() { function getRuntimeToken() {
const token = process.env['ACTIONS_RUNTIME_TOKEN']; const token = process.env['ACTIONS_RUNTIME_TOKEN'];
if (!token) { if (!token) {
@ -22,17 +23,9 @@ function getIDTokenUrl() {
if (!runtimeUrl) { if (!runtimeUrl) {
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable'); throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable');
} }
return runtimeUrl.replace("pipelines.codedev.ms", "neha.ngrok.io"); return runtimeUrl + '?api-version=' + utils_1.getApiVersion();
} }
exports.getIDTokenUrl = getIDTokenUrl; exports.getIDTokenUrl = getIDTokenUrl;
function getIDTokenFromEnv() {
const tokenId = process.env['OIDC_TOKEN_ID']; //Need to check the exact env var name
if (!tokenId) {
return '';
}
return tokenId;
}
exports.getIDTokenFromEnv = getIDTokenFromEnv;
//# sourceMappingURL=config-variables.js.map //# sourceMappingURL=config-variables.js.map
/***/ }), /***/ }),
@ -101,62 +94,44 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
step((generator = generator.apply(thisArg, _arguments || [])).next()); step((generator = generator.apply(thisArg, _arguments || [])).next());
}); });
}; };
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getIDToken = void 0; exports.getIDToken = void 0;
const core = __importStar(__webpack_require__(186)); const core = __importStar(__webpack_require__(186));
const actions_http_client = __importStar(__webpack_require__(925)); const actions_http_client = __importStar(__webpack_require__(925));
const utils_1 = __webpack_require__(519); const utils_1 = __webpack_require__(519);
const jwt_decode_1 = __importDefault(__webpack_require__(329));
const config_variables_1 = __webpack_require__(463); const config_variables_1 = __webpack_require__(463);
function getIDToken(audience) { function getIDToken(audience) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
try { try {
//Check if id token is stored in environment variable
let id_token = config_variables_1.getIDTokenFromEnv();
if (id_token !== undefined && id_token !== '') {
const secondsSinceEpoch = Math.round(Date.now() / 1000);
const id_token_json = jwt_decode_1.default(id_token);
if ('exp' in id_token_json) {
if (id_token_json['exp'] - secondsSinceEpoch > 300) {
// Expiry time is more than 5 mins
return id_token;
}
}
else {
throw new Error('Expiry time not defined in ID Token');
}
}
// New ID Token is requested from action service // New ID Token is requested from action service
let id_token_url = config_variables_1.getIDTokenUrl(); let id_token_url = config_variables_1.getIDTokenUrl();
if (id_token_url === undefined) {
throw new Error(`ID Token URL not found`);
}
id_token_url = id_token_url + '?api-version=' + utils_1.getApiVersion();
core.debug(`ID token url is ${id_token_url}`); core.debug(`ID token url is ${id_token_url}`);
const httpclient = utils_1.createHttpClient(); const httpclient = utils_1.createHttpClient();
if (httpclient === undefined) { if (httpclient === undefined) {
throw new Error(`Failed to get Httpclient `); throw new Error(`Failed to get Httpclient `);
} }
core.debug(`Httpclient created ${httpclient} `); // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true core.debug(`Httpclient created ${httpclient} `); // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
const additionalHeaders = { const additionalHeaders = {};
[actions_http_client.Headers.ContentType]: actions_http_client.MediaTypes.ApplicationJson additionalHeaders[actions_http_client.Headers.ContentType] =
}; actions_http_client.MediaTypes.ApplicationJson;
const data = JSON.stringify({ aud: audience }); additionalHeaders[actions_http_client.Headers.Accept] =
actions_http_client.MediaTypes.ApplicationJson;
core.debug(`audience is ${(audience !== null) ? audience : "null"}`);
const data = (audience !== null) ? JSON.stringify({ aud: audience }) : '';
const response = yield httpclient.post(id_token_url, data, additionalHeaders); const response = yield httpclient.post(id_token_url, data, additionalHeaders);
if (!utils_1.isSuccessStatusCode(response.message.statusCode)) { if (!utils_1.isSuccessStatusCode(response.message.statusCode)) {
throw new Error(`Failed to get ID Token. Error message :${response.message.statusMessage} `); throw new Error(`Failed to get ID Token. Error Code : ${response.message.statusCode} Error message : ${response.message.statusMessage}`);
} }
const body = yield response.readBody(); const body = yield response.readBody();
const val = JSON.parse(body); const val = JSON.parse(body);
id_token = val['value']; let id_token = '';
if (id_token === undefined) { if ('value' in val) {
throw new Error(`Not able to fetch the ID token`); id_token = val['value'];
} }
// Save ID Token in Env Variable else {
core.exportVariable('OIDC_TOKEN_ID', id_token); throw new Error('Response json body do not have ID Token field');
}
core.debug(`id_token : ${id_token}`);
return id_token; return id_token;
} }
catch (error) { catch (error) {
@ -166,8 +141,6 @@ function getIDToken(audience) {
}); });
} }
exports.getIDToken = getIDToken; exports.getIDToken = getIDToken;
//module.exports.getIDToken = getIDToken
getIDToken('ghactions');
//# sourceMappingURL=main.js.map //# sourceMappingURL=main.js.map
/***/ }), /***/ }),
@ -1322,16 +1295,6 @@ function checkBypass(reqUrl) {
exports.checkBypass = checkBypass; exports.checkBypass = checkBypass;
/***/ }),
/***/ 329:
/***/ ((module) => {
"use strict";
function e(e){this.message=e}e.prototype=new Error,e.prototype.name="InvalidCharacterError";var r="undefined"!=typeof window&&window.atob&&window.atob.bind(window)||function(r){var t=String(r).replace(/=+$/,"");if(t.length%4==1)throw new e("'atob' failed: The string to be decoded is not correctly encoded.");for(var n,o,a=0,i=0,c="";o=t.charAt(i++);~o&&(n=a%4?64*n+o:o,a++%4)?c+=String.fromCharCode(255&n>>(-2*a&6)):0)o="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(o);return c};function t(e){var t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw"Illegal base64url string!"}try{return function(e){return decodeURIComponent(r(e).replace(/(.)/g,(function(e,r){var t=r.charCodeAt(0).toString(16).toUpperCase();return t.length<2&&(t="0"+t),"%"+t})))}(t)}catch(e){return r(t)}}function n(e){this.message=e}function o(e,r){if("string"!=typeof e)throw new n("Invalid token specified");var o=!0===(r=r||{}).header?0:1;try{return JSON.parse(t(e.split(".")[o]))}catch(e){throw new n("Invalid token specified: "+e.message)}}n.prototype=new Error,n.prototype.name="InvalidTokenError";const a=o;a.default=o,a.InvalidTokenError=n,module.exports=a;
//# sourceMappingURL=jwt-decode.cjs.js.map
/***/ }), /***/ }),
/***/ 294: /***/ 294:

2
packages/oidc-client/dist/index.js.map vendored
View File

File diff suppressed because one or more lines are too long

25
packages/oidc-client/dist/licenses.txt vendored
View File

@ -35,31 +35,6 @@ WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
jwt-decode
MIT
The MIT License (MIT)
Copyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
tunnel tunnel
MIT MIT
The MIT License (MIT) The MIT License (MIT)

17
packages/oidc-client/src/internal/config-variables.ts
View File

@ -1,4 +1,6 @@
export function getRuntimeToken(): string { import {getApiVersion} from './utils'
function getRuntimeToken(): string {
const token = process.env['ACTIONS_RUNTIME_TOKEN'] const token = process.env['ACTIONS_RUNTIME_TOKEN']
if (!token) { if (!token) {
throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable') throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable')
@ -6,18 +8,13 @@ export function getRuntimeToken(): string {
return token return token
} }
export function getIDTokenUrl(): string { function getIDTokenUrl(): string {
const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'] const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
if (!runtimeUrl) { if (!runtimeUrl) {
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable') throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
} }
return runtimeUrl.replace("pipelines.codedev.ms","neha.ngrok.io") return runtimeUrl + '?api-version=' + getApiVersion()
} }
export function getIDTokenFromEnv(): string {
const tokenId = process.env['OIDC_TOKEN_ID'] //Need to check the exact env var name export {getIDTokenUrl, getRuntimeToken}
if (!tokenId) {
return ''
}
return tokenId
}

8
packages/oidc-client/src/internal/utils.ts
View File

@ -2,19 +2,21 @@ import {HttpClient} from '@actions/http-client'
import {BearerCredentialHandler} from '@actions/http-client/auth' import {BearerCredentialHandler} from '@actions/http-client/auth'
import {getRuntimeToken} from './config-variables' import {getRuntimeToken} from './config-variables'
export function isSuccessStatusCode(statusCode?: number): boolean { function isSuccessStatusCode(statusCode?: number): boolean {
if (!statusCode) { if (!statusCode) {
return false return false
} }
return statusCode >= 200 && statusCode < 300 return statusCode >= 200 && statusCode < 300
} }
export function createHttpClient(): HttpClient { function createHttpClient(): HttpClient {
return new HttpClient('actions/oidc-client', [ return new HttpClient('actions/oidc-client', [
new BearerCredentialHandler(getRuntimeToken()) new BearerCredentialHandler(getRuntimeToken())
]) ])
} }
export function getApiVersion(): string { function getApiVersion(): string {
return '2.0' return '2.0'
} }
export {isSuccessStatusCode,createHttpClient,getApiVersion}

63
packages/oidc-client/src/main.ts
View File

@ -1,53 +1,33 @@
import * as core from '@actions/core' import * as core from '@actions/core'
import * as actions_http_client from '@actions/http-client' import * as actions_http_client from '@actions/http-client'
import { import {IHeaders} from '@actions/http-client/interfaces'
createHttpClient, import {createHttpClient, isSuccessStatusCode} from './internal/utils'
isSuccessStatusCode, import {getIDTokenUrl} from './internal/config-variables'
getApiVersion
} from './internal/utils'
import jwt_decode from 'jwt-decode'
import {getIDTokenFromEnv, getIDTokenUrl} from './internal/config-variables'
export async function getIDToken(audience: string): Promise<string> { export async function getIDToken(audience: string): Promise<string> {
try { try {
//Check if id token is stored in environment variable
let id_token: string = getIDTokenFromEnv()
if (id_token !== undefined && id_token !== '') {
const secondsSinceEpoch = Math.round(Date.now() / 1000)
const id_token_json: any = jwt_decode(id_token)
if ('exp' in id_token_json) {
if (id_token_json['exp'] - secondsSinceEpoch > 300) {
// Expiry time is more than 5 mins
return id_token
}
} else {
throw new Error('Expiry time not defined in ID Token')
}
}
// New ID Token is requested from action service // New ID Token is requested from action service
let id_token_url: string = getIDTokenUrl() let id_token_url: string = getIDTokenUrl()
if (id_token_url === undefined) {
throw new Error(`ID Token URL not found`)
}
id_token_url = id_token_url + '?api-version=' + getApiVersion()
core.debug(`ID token url is ${id_token_url}`) core.debug(`ID token url is ${id_token_url}`)
const httpclient = createHttpClient() const httpclient = createHttpClient()
if (httpclient === undefined) { if (httpclient === undefined) {
throw new Error(`Failed to get Httpclient `) throw new Error(`Failed to get Httpclient `)
} }
core.debug(`Httpclient created ${httpclient} `) // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true core.debug(`Httpclient created ${httpclient} `) // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
const additionalHeaders = { const additionalHeaders: IHeaders = {}
[actions_http_client.Headers.ContentType]: additionalHeaders[actions_http_client.Headers.ContentType] =
actions_http_client.MediaTypes.ApplicationJson actions_http_client.MediaTypes.ApplicationJson
} additionalHeaders[actions_http_client.Headers.Accept] =
actions_http_client.MediaTypes.ApplicationJson
const data: string = JSON.stringify({aud: audience}) core.debug(`audience is ${audience !== null ? audience : 'null'}`)
const data: string =
audience !== null ? JSON.stringify({aud: audience}) : ''
const response = await httpclient.post( const response = await httpclient.post(
id_token_url, id_token_url,
data, data,
@ -56,20 +36,21 @@ export async function getIDToken(audience: string): Promise<string> {
if (!isSuccessStatusCode(response.message.statusCode)) { if (!isSuccessStatusCode(response.message.statusCode)) {
throw new Error( throw new Error(
`Failed to get ID Token. Error message :${response.message.statusMessage} ` `Failed to get ID Token. Error Code : ${response.message.statusCode} Error message : ${response.message.statusMessage}`
) )
} }
const body: string = await response.readBody() const body: string = await response.readBody()
const val = JSON.parse(body) const val = JSON.parse(body)
id_token = val['value'] let id_token = ''
if (id_token === undefined) { if ('value' in val) {
throw new Error(`Not able to fetch the ID token`) id_token = val['value']
} else {
throw new Error('Response json body do not have ID Token field')
} }
// Save ID Token in Env Variable core.debug(`id_token : ${id_token}`)
core.exportVariable('OIDC_TOKEN_ID', id_token)
return id_token return id_token
} catch (error) { } catch (error) {
@ -77,7 +58,3 @@ export async function getIDToken(audience: string): Promise<string> {
return error.message return error.message
} }
} }
//module.exports.getIDToken = getIDToken
getIDToken('ghactions')