authing / authing-js-sdk Goto Github PK

The documentation of Authing Pipeline can be found here.

https://github.com/Authing/authing.js/blob/223feecbe0c7b56aff7dab402bdadb5291402cca/src/types/graphql.v2.ts#L610
和
https://github.com/Authing/authing.js/blob/223feecbe0c7b56aff7dab402bdadb5291402cca/src/lib/management/UsersManagementClient.ts#L320

定义不一致

.

Message有的时候是structure，有的时候是string，规范格式比较统一的话会更容易解析。

下面返回的例子里message就是string，但是大多数情况下都是structure

{  
   "data":{  
      "removeUsers":null
   },
   "errors":[  
      {  
         "message":"Cast to ObjectId failed for value \"111\" at path \"_id\" for model \"User\"",
         "name":"CastError",
         "stringValue":"\"111\"",
         "kind":"ObjectId",
         "value":"111",
         "path":"_id"
      }
   ]
}

这个提交 中的如下代码是有问题的：

可选运算符 navigator?.userAgent 可用的前提是 navigator 变量已经被定义了，如果 navigator 没定义，执行这行代码时仍然会 ReferenceError 错误，因为可先运算符的 等效 js 代码是 navigator === null || navigator === void 0 ? void 0 : navigator.userAgent

对于这种兼容 node、Web、worker 环境的代码的正确处理方式应是：

1. 安装 conf-global 包（该包非常小，零依赖，不会增加项目负担） npm i conf-global
2. 在应用入口文件最前面添加 import "conf-global"
3. 凡是访问全局性有兼容的API 都改成通过 globalThis 全局对象访问的方式，如： globalThis. navigator?. userAgent

1. 新增一个接口，该接口支持使用 accessToken 获取 userInfo
2. 将使用方法补充到文档中

• Version:

"authing-js-sdk": "4.23.35",

└─┬ [email protected]
└─┬ [email protected]
└── [email protected]

• Platform:

MacOS

Severity: Medium

Description:

Module not found: Error: Can't resolve 'jsbn' in '/Users/linonetwo/xxx/TiddlyGit-Desktop/node_modules/authing-js-sdk/build/module/lib/sm-crypto/sm2'

ERROR in ./node_modules/authing-js-sdk/build/module/lib/sm-crypto/sm2/index.js 6:0-34
Module not found: Error: Can't resolve 'jsbn' in '/Users/linonetwo/Desktop/repo/TiddlyGit-Desktop/node_modules/authing-js-sdk/build/module/lib/sm-crypto/sm2'
 @ ./node_modules/authing-js-sdk/build/module/lib/utils.js 39:0-50 48:38-47
 @ ./node_modules/authing-js-sdk/build/module/lib/management/ManagementClient.js 53:0-35 67:21-28
 @ ./node_modules/authing-js-sdk/build/module/index.js 1:0-50 1:0-50
 @ ./src/components/TokenForm/gitTokenHooks.ts 3:0-54 6:38-58

在今天升级依赖时遇到这个问题。可能是因为你们依赖 jsbn 的库升级了。

Steps to reproduce the error:

Log

2018/05/01 17:52:24 >>>>>>>>>request body
2018/05/01 17:52:24 {"query":"mutation($ids:[String!]!$operator:String!$registerInClient:String!){removeUsers(ids: $ids, registerInClient: $registerInClient, operator: $operator){_id,email,unionid}}","variables":{"ids":["5ae3d830f0db4b000117a95f"],"operator":"","registerInClient":"5adb75e03055230001023b26"}}

2018/05/01 17:52:24 >>>>>>>>>response body
2018/05/01 17:52:24 {"data":{"removeUsers":[]}}

总是返回成功，没有errors？

https://github.com/Authing/authing.js/blob/354968962ad217289c39b6a699adaee090254937/src/types/graphql.v2.ts#L545

这个要改哪里，改 https://github.com/Authing/authing.js/blob/master/src/lib/authentication/AuthenticationClient.ts 吗

看样子应该是要加在 https://github.com/Authing/authing.js/blob/354968962ad217289c39b6a699adaee090254937/src/lib/authentication/SocialAuthenticationClient.ts#L32 里，这里的 https://github.com/Authing/authing.js/blob/354968962ad217289c39b6a699adaee090254937/src/lib/authentication/SocialAuthenticationClient.ts#L144 里没有 identities ，需要再 await 一次 graphql 请求来获取 identities

Type definitions for public API

我在将Web SDK集成到我的应用程序中，遇到了一个问题。 我能正确注册、登录、注销，但我在验证用户邮箱的时候一直遇到问题。 我在Authing控制台已经设置好为电子邮件的模板。
当我收到来自Authing的电子邮件时，每次点击所提供的链接后验证都失败，然后都会收到以下的信息：

验证失败，获取邮件模板失败, 页面将在5秒后关闭…

https://github.com/Authing/authing.js/blob/431ae4e88ef583f022ea1316c1e3a6bd22db075b/src/lib/common/HttpClient.ts#L46

在调用发送短信的时候，这里的data的值是{ code: 200, message: '发送成功' }， 返回的是data.data，得到一个undefined

#43

.

sendVerifyEmail existed in the JS-SDK document but not in the sdk source code.

• I'm submitting a ...
  [x] bug report
  [ ] feature request
  [ ] question about the decisions made in the repository
  [ ] question about how to use this project

• Summary

 Refused to connect to 'https://tiddlygit-desktop.authing.cn/oidc/.well-known/jwks.json' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

dispatchXhrRequest @ xhr.js?9eca:178
KeyManager.js?450b:141 服务器 JWKS 端点请求失败
eval @ KeyManager.js?450b:141
KeyManager.js?450b:142 Error: Network Error
    at createError (webpack-internal:///./node_modules/authing-js-sdk/node_modules/axios/lib/core/createError.js:16)
    at XMLHttpRequest.handleError (webpack-internal:///./node_modules/authing-js-sdk/node_modules/axios/lib/adapters/xhr.js:83)

My code:

/* eslint-disable @typescript-eslint/strict-boolean-expressions */
import { useCallback, useMemo } from 'react';
import { AuthenticationClient } from 'authing-js-sdk';
import { SupportedStorageServices } from '@services/types';
import { APP_ID, APP_DOMAIN } from '@/constants/auth';

export function useAuth(storageService: SupportedStorageServices): [() => Promise<void>, () => Promise<void>] {
  const authing = useMemo(
    () =>
      new AuthenticationClient({
        appId: APP_ID,
        appHost: APP_DOMAIN,
      }),
    [],
  );

  const onFailure = useCallback((error: Error) => {
    console.error(error);
  }, []);
  const onClickLogout = useCallback(async () => {
    await authing.logout();
    await window.service.window.clearStorageData();
  }, [authing]);

  const onClickLogin = useCallback(async () => {
    // clear token first, otherwise github login window won't give us a chance to see the form
    // void this.auth.logout();
    // window.remote.clearStorageData();
    try {
      await authing.social.authorize(storageService, {
        onSuccess: async (user) => {
          const thirdPartyIdentity = user.identities?.find((identity) => identity?.provider === storageService);
          if (thirdPartyIdentity) {
            if (thirdPartyIdentity.accessToken) {
              await window.service.auth.set(`${storageService}-token`, thirdPartyIdentity.accessToken);
            }
            if (user.username) {
              await window.service.auth.set(`${storageService}-userName`, user.username);
            }
            if (user.email) {
              await window.service.auth.set(`${storageService}-email`, user.email);
            }
          }
        },
        onError: (code, message) => onFailure(new Error(message + String(code))),
      });
    } catch (error) {
      onFailure(error);
    }
  }, [authing.social, onFailure, storageService]);

  return [onClickLogin, onClickLogout];
}

• Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. StackOverflow, personal fork, etc.)

• Version: 4.23.29

• Platform: Authing JS-SDK (Node)

Severity: high

Description:

                   === npm audit security report ===                        

┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Incorrect Comparison in axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.21.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ authing-js-sdk │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ authing-js-sdk > axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ GHSA-cph5-m8f7-6c5x │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Server-Side Request Forgery in Axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.21.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ authing-js-sdk │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ authing-js-sdk > axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ GHSA-4w2v-q235-vp99 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Exposure of Sensitive Information to an Unauthorized Actor │
│ │ in follow-redirects │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ follow-redirects │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.14.8 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ authing-js-sdk │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ authing-js-sdk > axios > follow-redirects │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ GHSA-pw2r-vq6v-hr8c │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Exposure of sensitive information in follow-redirects │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ follow-redirects │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.14.7 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ authing-js-sdk │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ authing-js-sdk > axios > follow-redirects │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ GHSA-74fj-2j2h-c42q │
└───────────────┴──────────────────────────────────────────────────────────────┘

Steps to reproduce the error:

npm install authing-js-sdk
do -> npm audit
-->

修改密码的流程：
1、发送邮件
2、填写验证码
3、修改密码

必须提供验证码