Merge pull request #1131 from sesamyab/ma/ticket

Ma/ticket

package.json

@@ -69,7 +69,7 @@
     "lru-cache": "^11.0.2",
     "nanoid": "5.0.8",
     "oslo": "^1.2.1",
-    "playwright": "^1.44.1",
+    "playwright": "1.44.1",
     "xml-crypto": "^6.0.0",
     "xmldsigjs": "^2.6.1",
     "zod": "3.23.8"

src/authentication-flows/ticket.ts

@@ -31,31 +31,36 @@ export async function ticketAuth(
 
   ctx.set("connection", realm);
 
-  const ticket = await env.data.tickets.get(tenant_id, ticketId);
-
-  if (!ticket) {
+  const code = await env.data.codes.get(tenant_id, ticketId, "ticket");
+  if (!code) {
     throw new HTTPException(403, { message: "Ticket not found" });
   }
 
-  const client = await getClient(ctx.env, ticket.client_id);
-  ctx.set("client_id", ticket.client_id);
+  const login = await env.data.logins.get(tenant_id, code.login_id);
+
+  if (!login || !login.authParams.username) {
+    throw new HTTPException(403, { message: "Session not found" });
+  }
+
+  const client = await getClient(ctx.env, login.authParams.client_id);
+  ctx.set("client_id", login.authParams.client_id);
 
-  await env.data.tickets.remove(tenant_id, ticketId);
+  await env.data.codes.remove(tenant_id, ticketId);
 
   const provider = getProviderFromRealm(realm);
 
   let user = await getPrimaryUserByEmailAndProvider({
     userAdapter: env.data.users,
     tenant_id,
-    email: ticket.email,
+    email: login.authParams.username,
     provider,
   });
 
   if (!user) {
     user = await env.data.users.create(tenant_id, {
       user_id: `email|${userIdGenerate()}`,
-      email: ticket.email,
-      name: ticket.email,
+      email: login.authParams.username,
+      name: login.authParams.username,
       provider: "email",
       connection: "email",
       email_verified: true,
@@ -74,7 +79,7 @@ export async function ticketAuth(
   return generateAuthResponse({
     ctx,
     authParams: {
-      scope: ticket.authParams?.scope,
+      scope: login.authParams?.scope,
       ...authParams,
     },
     user,

src/routes/oauth2/authenticate.ts

@@ -5,7 +5,7 @@ import { Env, Var } from "../../types";
 import { HTTPException } from "hono/http-exception";
 import { getClient } from "../../services/clients";
 import { loginWithPassword } from "../../authentication-flows/password";
-import { Ticket } from "@authhero/adapter-interfaces";
+import { Login } from "authhero";
 
 function createUnauthorizedResponse() {
   return new HTTPException(403, {
@@ -73,51 +73,56 @@ export const authenticateRoutes = new OpenAPIHono<{
 
       const email = username.toLocaleLowerCase();
 
-      const ticket: Ticket = {
-        id: nanoid(),
-        tenant_id: client.tenant.id,
-        client_id: client.id,
-        email: email,
-        created_at: new Date(),
-        expires_at: new Date(Date.now() + TICKET_EXPIRATION_TIME),
-      };
+      let loginSession: Login;
 
       if (otp) {
         const code = await ctx.env.data.codes.get(client.tenant.id, otp, "otp");
         if (!code) {
           throw createUnauthorizedResponse();
         }
 
-        const loginSession = await ctx.env.data.logins.get(
+        const existingLoginSession = await ctx.env.data.logins.get(
           client.tenant.id,
           code.login_id,
         );
-        if (!loginSession || loginSession.authParams.username !== email) {
+        if (
+          !existingLoginSession ||
+          existingLoginSession.authParams.username !== email
+        ) {
           throw createUnauthorizedResponse();
         }
 
-        if (loginSession.authParams.username !== email) {
-          throw createUnauthorizedResponse();
-        }
-
-        // TODO: A temporary solution as the ticket doesn't have a username field. We should move the tickets over to the codes table instead
-        const { username, ...authParams } = loginSession.authParams;
-        ticket.authParams = authParams;
+        loginSession = existingLoginSession;
       } else if (password) {
         // This will throw if the login fails
         await loginWithPassword(ctx, client, {
           username,
           password,
           client_id,
         });
+
+        loginSession = await ctx.env.data.logins.create(client.tenant.id, {
+          expires_at: new Date(
+            Date.now() + TICKET_EXPIRATION_TIME,
+          ).toISOString(),
+          authParams: {
+            client_id: client.id,
+            username: email,
+          },
+        });
       } else {
         throw new HTTPException(400, { message: "Code or password required" });
       }
 
-      await ctx.env.data.tickets.create(ticket);
+      const code = await ctx.env.data.codes.create(client.tenant.id, {
+        code_id: nanoid(),
+        code_type: "ticket",
+        login_id: loginSession.login_id,
+        expires_at: new Date(Date.now() + TICKET_EXPIRATION_TIME).toISOString(),
+      });
 
       return ctx.json({
-        login_ticket: ticket.id,
+        login_ticket: code.code_id,
         // TODO: I guess these should be validated when accepting the ticket
         co_verifier: randomString(32),
         co_id: randomString(12),

yarn.lock

@@ -6660,17 +6660,17 @@ pkijs@^3.0.10:
     pvutils "^1.1.3"
     tslib "^2.6.3"
 
-playwright-core@1.49.0:
-  version "1.49.0"
-  resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.49.0.tgz#8e69ffed3f41855b854982f3632f2922c890afcb"
-  integrity sha512-R+3KKTQF3npy5GTiKH/T+kdhoJfJojjHESR1YEWhYuEKRVfVaxH3+4+GvXE5xyCngCxhxnykk0Vlah9v8fs3jA==
+playwright-core@1.44.1:
+  version "1.44.1"
+  resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.44.1.tgz#53ec975503b763af6fc1a7aa995f34bc09ff447c"
+  integrity sha512-wh0JWtYTrhv1+OSsLPgFzGzt67Y7BE/ZS3jEqgGBlp2ppp1ZDj8c+9IARNW4dwf1poq5MgHreEM2KV/GuR4cFA==
 
-playwright@^1.44.1:
-  version "1.49.0"
-  resolved "https://registry.yarnpkg.com/playwright/-/playwright-1.49.0.tgz#df6b9e05423377a99658202844a294a8afb95d0a"
-  integrity sha512-eKpmys0UFDnfNb3vfsf8Vx2LEOtflgRebl0Im2eQQnYMA4Aqd+Zw8bEOB+7ZKvN76901mRnqdsiOGKxzVTbi7A==
+playwright@1.44.1:
+  version "1.44.1"
+  resolved "https://registry.yarnpkg.com/playwright/-/playwright-1.44.1.tgz#5634369d777111c1eea9180430b7a184028e7892"
+  integrity sha512-qr/0UJ5CFAtloI3avF95Y0L1xQo6r3LQArLIg/z/PoGJ6xa+EwzrwO5lpNr/09STxdHuUoP2mvuELJS+hLdtgg==
   dependencies:
-    playwright-core "1.49.0"
+    playwright-core "1.44.1"
   optionalDependencies:
     fsevents "2.3.2"