Skip to content

Commit

Permalink
fix(core): Allow ignoring SSL issues on generic oauth2 credentials (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
netroy authored Jul 26, 2023
1 parent db3c12f commit feac369
Show file tree
Hide file tree
Showing 8 changed files with 36 additions and 8 deletions.
16 changes: 14 additions & 2 deletions packages/@n8n/client-oauth2/src/ClientOAuth2.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,9 @@
/* eslint-disable @typescript-eslint/restrict-plus-operands */
/* eslint-disable @typescript-eslint/no-explicit-any */
import * as qs from 'querystring';
import { Agent } from 'https';
import axios from 'axios';
import type { AxiosRequestConfig } from 'axios';
import { getAuthError } from './utils';
import type { ClientOAuth2TokenData } from './ClientOAuth2Token';
import { ClientOAuth2Token } from './ClientOAuth2Token';
Expand All @@ -18,6 +20,7 @@ export interface ClientOAuth2RequestObject {
body?: Record<string, any>;
query?: qs.ParsedUrlQuery;
headers?: Headers;
ignoreSSLIssues?: boolean;
}

export interface ClientOAuth2Options {
Expand All @@ -32,6 +35,7 @@ export interface ClientOAuth2Options {
state?: string;
body?: Record<string, any>;
query?: qs.ParsedUrlQuery;
ignoreSSLIssues?: boolean;
}

class ResponseError extends Error {
Expand All @@ -40,6 +44,8 @@ class ResponseError extends Error {
}
}

const sslIgnoringAgent = new Agent({ rejectUnauthorized: false });

/**
* Construct an object that can handle the multiple OAuth 2.0 flows.
*/
Expand Down Expand Up @@ -86,7 +92,7 @@ export class ClientOAuth2 {
url += (url.indexOf('?') === -1 ? '?' : '&') + query;
}

const response = await axios.request({
const requestConfig: AxiosRequestConfig = {
url,
method: options.method,
data: qs.stringify(options.body),
Expand All @@ -95,7 +101,13 @@ export class ClientOAuth2 {
// Axios rejects the promise by default for all status codes 4xx.
// We override this to reject promises only on 5xxs
validateStatus: (status) => status < 500,
});
};

if (options.ignoreSSLIssues) {
requestConfig.httpsAgent = sslIgnoringAgent;
}

const response = await axios.request(requestConfig);

const body = this.parseResponseBody<T>(response.data);

Expand Down
8 changes: 4 additions & 4 deletions packages/@n8n/client-oauth2/src/CodeFlow.ts
Original file line number Diff line number Diff line change
Expand Up @@ -53,13 +53,13 @@ export class CodeFlow {
* the user access token.
*/
async getToken(
uri: string | URL,
urlString: string,
opts?: Partial<ClientOAuth2Options>,
): Promise<ClientOAuth2Token> {
const options = { ...this.client.options, ...opts };
const options: ClientOAuth2Options = { ...this.client.options, ...opts };
expects(options, 'clientId', 'accessTokenUri');

const url = uri instanceof URL ? uri : new URL(uri, DEFAULT_URL_BASE);
const url = new URL(urlString, DEFAULT_URL_BASE);
if (
typeof options.redirectUri === 'string' &&
typeof url.pathname === 'string' &&
Expand All @@ -70,7 +70,7 @@ export class CodeFlow {

if (!url.search?.substring(1)) {
// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
throw new TypeError(`Unable to process uri: ${uri.toString()}`);
throw new TypeError(`Unable to process uri: ${urlString}`);
}

const data =
Expand Down
5 changes: 3 additions & 2 deletions packages/@n8n/client-oauth2/src/utils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -63,14 +63,15 @@ export function auth(username: string, password: string): string {
*/
export function getRequestOptions(
{ url, method, body, query, headers }: ClientOAuth2RequestObject,
options: any,
options: ClientOAuth2Options,
): ClientOAuth2RequestObject {
const rOptions = {
url,
method,
body: { ...body, ...options.body },
query: { ...query, ...options.query },
headers: { ...headers, ...options.headers },
headers: headers ?? {},
ignoreSSLIssues: options.ignoreSSLIssues,
};
// if request authorization was overridden delete it from header
if (rOptions.headers.Authorization === '') {
Expand Down
1 change: 1 addition & 0 deletions packages/cli/src/credentials/oauth2Credential.api.ts
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,7 @@ oauth2CredentialController.get(
redirectUri: `${getInstanceBaseUrl()}/${restEndpoint}/oauth2-credential/callback`,
scopes: split(scopes, ','),
scopesSeparator: scopes.includes(',') ? ',' : ' ',
ignoreSSLIssues: get(oauthCredentials, 'ignoreSSLIssues') as boolean,
};

if (oauthCredentials.grantType === 'pkce') {
Expand Down
4 changes: 4 additions & 0 deletions packages/core/src/NodeExecuteFunctions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1092,6 +1092,7 @@ export async function requestOAuth2(
clientSecret: credentials.clientSecret as string,
accessTokenUri: credentials.accessTokenUrl as string,
scopes: (credentials.scope as string).split(' '),
ignoreSSLIssues: credentials.ignoreSSLIssues as boolean,
});

let oauthTokenData = credentials.oauthTokenData as ClientOAuth2TokenData;
Expand Down Expand Up @@ -1131,6 +1132,9 @@ export async function requestOAuth2(
},
oAuth2Options?.tokenType || oauthTokenData.tokenType,
);

(requestOptions as OptionsWithUri).rejectUnauthorized = !credentials.ignoreSSLIssues;

// Signs the request by adding authorization headers or query parameters depending
// on the token-type used.
const newRequestOptions = token.sign(requestOptions as ClientOAuth2RequestObject);
Expand Down
7 changes: 7 additions & 0 deletions packages/nodes-base/credentials/OAuth2Api.credentials.ts
Original file line number Diff line number Diff line change
Expand Up @@ -104,5 +104,12 @@ export class OAuth2Api implements ICredentialType {
],
default: 'header',
},
{
displayName: 'Ignore SSL Issues',
name: 'ignoreSSLIssues',
type: 'boolean',
default: false,
doNotInherit: true,
},
];
}
1 change: 1 addition & 0 deletions packages/workflow/src/Interfaces.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1116,6 +1116,7 @@ export interface INodeProperties {
extractValue?: INodePropertyValueExtractor;
modes?: INodePropertyMode[];
requiresDataPath?: 'single' | 'multiple';
doNotInherit?: boolean;
}

export interface INodePropertyModeTypeOptions {
Expand Down
2 changes: 2 additions & 0 deletions packages/workflow/src/NodeHelpers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1601,6 +1601,8 @@ export function mergeNodeProperties(
): void {
let existingIndex: number;
for (const property of addProperties) {
if (property.doNotInherit) continue;

existingIndex = mainProperties.findIndex((element) => element.name === property.name);

if (existingIndex === -1) {
Expand Down

0 comments on commit feac369

Please sign in to comment.