Merge branch 'develop' of github.com:thecodingmachine/workadventure into develop

pusher/src/Controller/AuthenticateController.ts

@@ -93,7 +93,15 @@ export class AuthenticateController extends BaseController {
                         res.writeStatus("200");
                         this.addCorsHeaders(res);
                         res.writeHeader("Content-Type", "application/json");
-                        return res.end(JSON.stringify({ ...resCheckTokenAuth, ...resUserData, username: authTokenData.username, locale: authTokenData.locale, authToken: token }));
+                        return res.end(
+                            JSON.stringify({
+                                ...resCheckTokenAuth,
+                                ...resUserData,
+                                authToken: token,
+                                username: authTokenData?.username,
+                                locale: authTokenData?.locale,
+                            })
+                        );
                     } catch (err) {
                         console.info("User was not connected", err);
                     }
@@ -115,7 +123,12 @@ export class AuthenticateController extends BaseController {
                 if (!sub) {
                     throw new Error("No sub in the response");
                 }
-                const authToken = jwtTokenManager.createAuthToken(sub, userInfo?.access_token, userInfo?.username, userInfo?.locale);
+                const authToken = jwtTokenManager.createAuthToken(
+                    sub,
+                    userInfo?.access_token,
+                    userInfo?.username,
+                    userInfo?.locale
+                );
 
                 //Get user data from Admin Back Office
                 //This is very important to create User Local in LocalStorage in WorkAdventure
@@ -124,7 +137,9 @@ export class AuthenticateController extends BaseController {
                 res.writeStatus("200");
                 this.addCorsHeaders(res);
                 res.writeHeader("Content-Type", "application/json");
-                return res.end(JSON.stringify({ ...data, authToken, username: userInfo.username, locale: userInfo.locale, userUuid : sub  }));
+                return res.end(
+                    JSON.stringify({ ...data, authToken, username: userInfo?.username, locale: userInfo?.locale, userUuid : sub })
+                );
             } catch (e) {
                 console.error("openIDCallback => ERROR", e);
                 return this.errorToResponse(e, res);

pusher/src/Enum/EnvironmentVariable.ts

@@ -19,7 +19,7 @@ export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
 export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
 export const OPID_CLIENT_REDIRECT_URL = process.env.OPID_CLIENT_REDIRECT_URL || FRONT_URL + "/jwt";
 export const OPID_PROFILE_SCREEN_PROVIDER = process.env.OPID_PROFILE_SCREEN_PROVIDER || ADMIN_URL + "/profile";
-export const OPID_ADDITIONAL_SCOPES = process.env.OPID_ADDITIONAL_SCOPES || "";
+export const OPID_SCOPE = process.env.OPID_SCOPE || "openid email";
 export const OPID_USERNAME_CLAIM = process.env.OPID_USERNAME_CLAIM || "username";
 export const OPID_LOCALE_CLAIM = process.env.OPID_LOCALE_CLAIM || "locale";
 export const DISABLE_ANONYMOUS: boolean = process.env.DISABLE_ANONYMOUS === "true";

pusher/src/Services/OpenIDClient.ts

@@ -4,9 +4,9 @@ import {
     OPID_CLIENT_SECRET,
     OPID_CLIENT_ISSUER,
     OPID_CLIENT_REDIRECT_URL,
-    OPID_ADDITIONAL_SCOPES,
     OPID_USERNAME_CLAIM,
     OPID_LOCALE_CLAIM,
+    OPID_SCOPE,
 } from "../Enum/EnvironmentVariable";
 
 class OpenIDClient {
@@ -28,8 +28,11 @@ class OpenIDClient {
 
     public authorizationUrl(state: string, nonce: string, playUri?: string, redirect?: string) {
         return this.initClient().then((client) => {
+            if (!OPID_SCOPE.includes("email") || !OPID_SCOPE.includes("openid")) {
+                throw new Error("Invalid scope, 'email' and 'openid' are required in OPID_SCOPE.");
+            }
             return client.authorizationUrl({
-                scope: "openid email " + OPID_ADDITIONAL_SCOPES,
+                scope: OPID_SCOPE,
                 prompt: "login",
                 state: state,
                 nonce: nonce,
@@ -39,7 +42,10 @@ class OpenIDClient {
         });
     }
 
-    public getUserInfo(code: string, nonce: string): Promise<{ email: string; sub: string; access_token: string; username: string; locale: string }> {
+    public getUserInfo(
+        code: string,
+        nonce: string
+    ): Promise<{ email: string; sub: string; access_token: string; username: string; locale: string }> {
         return this.initClient().then((client) => {
             return client.callback(OPID_CLIENT_REDIRECT_URL, { code }, { nonce }).then((tokenSet) => {
                 return client.userinfo(tokenSet).then((res) => {
@@ -48,8 +54,8 @@ class OpenIDClient {
                         email: res.email as string,
                         sub: res.sub,
                         access_token: tokenSet.access_token as string,
-                        username: (res[OPID_USERNAME_CLAIM]) as string,
-                        locale: (res[OPID_LOCALE_CLAIM]) as string,
+                        username: res[OPID_USERNAME_CLAIM] as string,
+                        locale: res[OPID_LOCALE_CLAIM] as string,
                     };
                 });
             });