refuse unacceptable values for AuthnMethod and AuthAction

mt-gdiniz · mt-gdiniz · commit b92acf7f1cb0 · 2022-11-17T18:11:03.000+09:00
diff --git a/src/__tests__/helper.test.ts b/src/__tests__/helper.test.ts
@@ -1,6 +1,6 @@
 import { constructScopes, getIsTabValue, mergeConfigs, generateConfigs } from '../helper';
 import packageJson from '../../package.json';
-import { ConfigsOptions } from '../typings';
+import { AuthAction, AuthnMethod, ConfigsOptions } from '../typings';
 import { stringify } from 'qs';
 
 describe('helper', () => {
@@ -158,6 +158,38 @@ describe('helper', () => {
       );
     });
 
+    test('Should filter out invalid authnMethod from array and authAction values', () => {
+      const configPayload: ConfigsOptions = {
+        email: 'email',
+        backTo: 'backTo',
+        authAction: 'invalid-value' as AuthAction,
+        showAuthToggle: true,
+        showRememberMe: true,
+        authnMethod: ['oh-not-valid', 'sso'] as AuthnMethod[]
+      };
+
+      expect(generateConfigs(configPayload)).toBe(
+        `sdk_platform=js&sdk_version=${packageJson.version}&email=email&back_to=backTo&show_auth_toggle=true` +
+          `&show_remember_me=true&authn_method=sso`
+      );
+    });
+
+    test('Should reject invalid authnMethod from config', () => {
+      const configPayload: ConfigsOptions = {
+        email: 'email',
+        backTo: 'backTo',
+        authAction: 'signup',
+        showAuthToggle: true,
+        showRememberMe: true,
+        authnMethod: 'oh-not-valid' as AuthnMethod
+      };
+
+      expect(generateConfigs(configPayload)).toBe(
+        `sdk_platform=js&sdk_version=${packageJson.version}&email=email&back_to=backTo&auth_action=signup&show_auth_toggle=true` +
+          `&show_remember_me=true`
+      );
+    });
+
     test('without parameter', () => {
       expect(generateConfigs()).toBe(`sdk_platform=js&sdk_version=${packageJson.version}`);
     });
diff --git a/src/helper.ts b/src/helper.ts
@@ -7,7 +7,15 @@ import { encode } from 'url-safe-base64';
 import { v4 as uuid } from 'uuid';
 import storage from './storage';
 
-import { Scopes, InitOptions, ConfigsOptions, AuthAction, AuthnMethod } from './typings';
+import {
+  Scopes,
+  InitOptions,
+  ConfigsOptions,
+  AuthAction,
+  AuthnMethod,
+  supportedAuthnMethod,
+  supportedAuthAction
+} from './typings';
 
 export function constructScopes(scopes: Scopes = ''): string | undefined {
   return (Array.isArray(scopes) ? scopes.join(' ') : scopes) || undefined;
@@ -79,6 +87,14 @@ export function generateConfigs(configs: ConfigsOptions = {}): string {
     'authnMethod'
   ];
 
+  if (configs.authnMethod) {
+    configs.authnMethod = parseAuthnMethod(configs.authnMethod);
+  }
+
+  if (configs.authAction) {
+    configs.authAction = parseAuthAction(configs.authAction);
+  }
+
   for (const key in configs) {
     if (configKeys.indexOf(key) !== -1) {
       snakeCaseConfigs[snakeCase(key)] = configs[key as keyof ConfigsOptions];
@@ -95,6 +111,37 @@ export function generateConfigs(configs: ConfigsOptions = {}): string {
   );
 }
 
+function isAuthnMethod(x: unknown): x is AuthnMethod | AuthnMethod[] {
+  if (Array.isArray(x)) {
+    return (
+      x.length > 0 &&
+      x.every((el: AuthnMethod) => {
+        return supportedAuthnMethod.includes(el);
+      })
+    );
+  }
+
+  return supportedAuthnMethod.includes(x as AuthnMethod);
+}
+
+function parseAuthnMethod(x: unknown): AuthnMethod[] | AuthnMethod | undefined {
+  if (Array.isArray(x)) {
+    let filtered_x = x.filter((el: AuthnMethod) => supportedAuthnMethod.includes(el));
+
+    filtered_x.length == 1 ? (x = filtered_x.toString()) : (x = filtered_x);
+  }
+
+  return isAuthnMethod(x) ? x : undefined;
+}
+
+function isAuthAction(x: unknown): x is AuthAction {
+  return supportedAuthAction.includes(x as AuthAction);
+}
+
+function parseAuthAction(x: unknown): AuthAction | undefined {
+  return isAuthAction(x) ? x : undefined;
+}
+
 export function generateCodeChallenge(): string {
   const codeVerifier = uuid();
 
diff --git a/src/typings.ts b/src/typings.ts
@@ -1,4 +1,5 @@
-export type AuthAction = 'login' | 'signup';
+export const supportedAuthAction = ['login', 'signup'] as const;
+export type AuthAction = typeof supportedAuthAction[number];
 
 export interface PrivateParams {
   cobrandClientId?: string;
@@ -10,7 +11,9 @@ export interface PrivateConfigsOptions {
   sdkVersion?: string; // semver
 }
 
-export type AuthnMethod = 'passwordless' | 'sso' | 'credentials';
+export const supportedAuthnMethod = ['passwordless', 'sso', 'credentials'] as const;
+export type AuthnMethod = typeof supportedAuthnMethod[number];
+
 export interface ConfigsOptions extends PrivateConfigsOptions {
   email?: string;
   backTo?: string;
