refactor(cache-provider.js): update redis deps to fix security vulner…
…ability

Updated the redis dependency, plus a small fix that handles redis connection retries through retryStrategy

re #145
kdhttps committed Nov 19, 2020
1 parent 56b5056 commit 079688b
Showing 6 changed files with 147 additions and 16 deletions.
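--- a/config/test.js
+++ b/config/test.js
@@ -153,6 +153,28 @@ const passportConfigAuthorizedResponse = {
 clientSecret: 'Admin1Admin!',
 issuer: 'https://gluu.test.ce6.local.org'
 }
+}, {
+id: 'saml-redis-test',
+displayName: 'saml redis',
+type: 'saml',
+mapping: 'saml_ldap_profile',
+passportStrategyId: 'passport-saml',
+enabled: true,
+callbackUrl:
+'https://chris.gluuthree.org/passport/auth/saml' +
+'/saml-redis-test/callback',
+requestForEmail: false,
+emailLinkingSafe: false,
+options: {
+skipRequestCompression: 'True',
+authnRequestBinding: 'HTTP-POST',
+identifierFormat:
+'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
+cert: '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',
+entryPoint: 'https://chris.gluutwo.org/idp/profile/SAML2/POST/SSO',
+issuer: 'urn:test:one',
+redisCacheOptions: '{"host":"127.0.0.1", "port":6379}'
+}
 }]
 }
 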
69 changes: 56 additions & 13 deletions package-lock.json


3 changes: 2 additions & 1 deletion package.json
@@ -52,7 +52,7 @@
"passport-windowslive": "^1.0.2",
"prom-client": "^12.0.0",
"ramda": "^0.26.1",
"redis": "^2.8.0",
"redis": "^3.0.2",
"request": "^2.88.0",
"request-promise": "^4.2.6",
"sha1": "^1.1.1",
@@ -77,6 +77,7 @@
"cucumber": "^6.0.5",
"cz-conventional-changelog": "^3.3.0",
"eslint-plugin-chai-friendly": "^0.6.0",
"fakeredis": "^2.0.0",
"got": "^11.8.0",
"husky": "^4.3.0",
"mocha": "^8.2.1",
19 changes: 17 additions & 2 deletions server/cache-provider.js
@@ -1,15 +1,30 @@
const redis = require('redis')
const Memcached = require('memcached')
const Promise = require('bluebird')
const R = require('ramda')
const logger = require('./utils/logging')
const OPERATION_NO_CONN = 'Attempt to operate on cache provider but connection has not been established'

const promisify = (context, methodName) => Promise.promisify(context[methodName], { context: context })

const retryStrategy = (options) => {
if (options.error && options.error.code === 'ECONNREFUSED') {
return new Error('The redis server refused the connection')
}
if (options.total_retry_time > 1000 * 60 * 60) {
// 1 min, End reconnecting after a specific timeout and flush all commands
return new Error('Redis connection retry time exhausted')
}
if (options.attempt > 10) {
// End reconnecting with built in error
return undefined
}
// reconnect after milliseconds
return Math.min(options.attempt * 100, 3000)
}

function getRedisProvider (options, exp) {
logger.log2('info', 'Configuring redis cache provider for inResponseTo validation')
options = R.mergeLeft(options, { max_attempts: 3 })
options.retry_strategy = retryStrategy

let ready = false
const client = redis.createClient(options)
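Review bot: The `total_retry_time` guard in `retryStrategy` compares against `1000 * 60 * 60`, which is one hour, while its comment says "1 min"; and because the delay is capped by `Math.min(options.attempt * 100, 3000)` and retrying stops once `options.attempt > 10`, the accumulated retry time appears to stay at a few seconds, so that branch looks unreachable as written. Pick the intended limit and make code and comment agree, for example `if (options.total_retry_time > 1000 * 60) {` with `// 1 min: stop reconnecting and flush pending commands`. The first branch also gives up on the very first `ECONNREFUSED`, so a short Redis restart would seem to leave this client permanently unusable; the log line says this cache backs inResponseTo validation, so it is worth confirming that the code outside this hunk fails closed and reports that state. `options.retry_strategy = retryStrategy` writes into the caller's object, which `options = { ...options, retry_strategy: retryStrategy }` would avoid. `getRedisProvider` continues past the end of the hunk.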
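--- a/test/cache-provider.test.js
+++ b/test/cache-provider.test.js
@@ -0,0 +1,42 @@
+const chai = require('chai')
+const rewire = require('rewire')
+const cacheProviders = rewire('../server/cache-provider.js')
+const testConfig = require('../config/test')
+const redis = require('redis')
+const fakeredis = require('fakeredis')
+
+const assert = chai.assert
+
+describe('cache provider test', () => {
+const retryStrategy = cacheProviders.__get__('retryStrategy')
+const testProvider = testConfig.passportConfigAuthorizedResponse.providers.find(provider => provider.id === 'saml-redis-test')
+testProvider.options.retry_strategy = retryStrategy
+
+it('redis is not live so we should get connection error response', () => {
+const client = redis.createClient(testProvider.options)
+
+client.on('ready', () => {
+assert.fail('redis connection should not work')
+})
+client.on('error', actualError => {
+const expectedError = new Error('Redis connection in broken state: retry aborted.')
+assert.equal(actualError.message, expectedError.message)
+})
+})
+
+it('redis is live so we should get connection', () => {
+const client = fakeredis.createClient(testProvider.options)
+
+client.on('error', actualError => {
+assert.fail('redis connection should work')
+})
+})
+
+it('getRedisProvider should return cache handlers', () => {
+const getRedisProvider = cacheProviders.__get__('getRedisProvider')
+const redisHandlers = getRedisProvider(testProvider.options, 100)
+assert.exists(redisHandlers.save, 'Failed to initialize redis provider save handler')
+assert.exists(redisHandlers.get, 'Failed to initialize redis provider get handler')
+assert.exists(redisHandlers.remove, 'Failed to initialize redis provider remove handler')
+})
+})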
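Review bot: The first two tests register their checks inside `client.on(...)` handlers, but the `it` callbacks take no `done` and return nothing, so Mocha records a pass before any event fires and neither `assert.fail` nor the message comparison can fail the test. Both also hand `testProvider.options` (the SAML strategy options, `cert` and `entryPoint` included) to `createClient` rather than the parsed `redisCacheOptions`, and no client is ever closed. The `testProvider.options.retry_strategy = retryStrategy` assignment writes into the shared `config/test` object that other suites load as well. The sketch below signals completion and releases the client for the first test; the second test needs the same treatment.

```javascript
it('redis is not live so we should get connection error response', (done) => {
  // Connect with the redis settings only, on a copy so config/test stays untouched.
  const redisOptions = {
    ...JSON.parse(testProvider.options.redisCacheOptions),
    retry_strategy: retryStrategy
  }
  const client = redis.createClient(redisOptions)

  client.once('ready', () => {
    client.end(true)
    done(new Error('redis connection should not work'))
  })
  client.once('error', actualError => {
    client.end(true)
    // … unchanged: expected-message comparison on actualError …
    done()
  })
})
```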
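--- a/test/providers.test.js
+++ b/test/providers.test.js
@@ -2,6 +2,7 @@ const chai = require('chai')
 const rewire = require('rewire')
 const providers = rewire('../server/providers.js')
 const testConfig = require('../config/test')
+const PassportSAMLStrategy = require('passport-saml').Strategy
 
 const assert = chai.assert
 
@@ -36,4 +37,11 @@ describe('providers setupStrategy', () => {
 'Strategy is not a function!'
 )
 })
+
+it('Passport SAML Provider with redis setup should initialize the passport-saml strategy', () => {
+const testProvider = testConfig.passportConfigAuthorizedResponse.providers.find(provider => provider.id === 'saml-redis-test')
+
+const oPassportSAMLStrategy = new PassportSAMLStrategy(testProvider.options, (profile, done) => { })
+assert.exists(oPassportSAMLStrategy, 'Failed to initialize passport saml strategy')
+})
 })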
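Review bot: The added test cannot fail on the Redis path it is named for, because it builds `PassportSAMLStrategy` directly from `testProvider.options` and then calls `assert.exists` on the result of `new`, which is always an object unless the constructor throws. Nothing in it goes through the rewired `providers` module, so whatever turns `redisCacheOptions` into a cache provider is not exercised here. Drive the provider through the module under test instead, for example starting from `const setupStrategy = providers.__get__('setupStrategy')` (its signature is not visible in this hunk), and assert on the cache provider that ends up attached to the strategy. The enclosing `describe` starts outside the hunk.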
