ci: experiment with manually runnable ci with pre-set branchnames

.circleci/forceRunCI.sh

@@ -3,9 +3,9 @@ branch=`git rev-parse --abbrev-ref HEAD`
 
 cdiCoreMap='{ "5.1": "feat/oauth-provider-base" }'
 cdiPluginInterfaceMap='{ "5.1": "feat/oauth-provider-base" }'
-fdiNodeMap='{ "3.1": "feat/oauth2/base" }'
-fdiWebsiteMap='{ "3.1": "master" }'
-fdiAuthReactMap='{ "3.1": "feat/oauth2/base" }'
+fdiNodeMap='{ "3.1": "feat/oauth2/base", "4.0": "feat/oauth2/base" }'
+fdiWebsiteMap='{ "3.1": "master", "4.0": "master" }'
+fdiAuthReactMap='{ "3.1": "feat/oauth2/base", "4.0": "feat/oauth2/base" }'
 
 data=`jq -cn --arg branch "$branch" \
   --arg cdiCoreMap "$cdiCoreMap" \

frontendDriverInterfaceSupported.json

@@ -1,4 +1,4 @@
 {
     "_comment": "contains a list of frontend-driver interfaces branch names that this core supports",
-    "versions": ["1.17", "1.18", "1.19", "2.0", "3.0", "3.1"]
+    "versions": ["1.17", "1.18", "1.19", "2.0", "3.0", "3.1", "4.0"]
 }

lib/build/recipe/session/recipe.d.ts

@@ -64,4 +64,5 @@ export default class SessionRecipe extends RecipeModule {
         accessToken: import("./jwt").ParsedJWTInfo | undefined;
         allowedTransferMethod: import("./types").TokenTransferMethod | "any";
     };
+    getNormalisedOverwriteSessionDuringSignInUp: (req: any) => boolean;
 }

lib/build/recipe/session/recipe.js

@@ -193,6 +193,14 @@ class SessionRecipe extends recipeModule_1.default {
             });
             return sessionRequestFunctions_1.getAccessTokenFromRequest(req, allowedTransferMethod);
         };
+        this.getNormalisedOverwriteSessionDuringSignInUp = (req) => {
+            var _a;
+            const supportsFDI31 = utils_2.hasGreaterThanEqualToFDI(req, "3.1");
+            const res =
+                (_a = this.config.overwriteSessionDuringSignInUp) !== null && _a !== void 0 ? _a : supportsFDI31;
+            logger_1.logDebugMessage("getNormalisedOverwriteSessionDuringSignInUp returning: " + res);
+            return res;
+        };
         this.config = utils_1.validateAndNormaliseUserInput(this, appInfo, config);
         const antiCsrfToLog =
             typeof this.config.antiCsrfFunctionOrString === "string"

lib/build/recipe/session/types.d.ts

@@ -99,7 +99,7 @@ export declare type TypeNormalisedInput = {
     cookieSecure: boolean;
     sessionExpiredStatusCode: number;
     errorHandlers: NormalisedErrorHandlers;
-    overwriteSessionDuringSignInUp: boolean;
+    overwriteSessionDuringSignInUp: boolean | undefined;
     antiCsrfFunctionOrString:
         | "VIA_TOKEN"
         | "VIA_CUSTOM_HEADER"

lib/build/recipe/session/utils.js

@@ -89,7 +89,7 @@ function getURLProtocol(url) {
 }
 exports.getURLProtocol = getURLProtocol;
 function validateAndNormaliseUserInput(recipeInstance, appInfo, config) {
-    var _a, _b, _c, _d, _e;
+    var _a, _b, _c, _d;
     let cookieDomain =
         config === undefined || config.cookieDomain === undefined
             ? undefined
@@ -231,14 +231,11 @@ function validateAndNormaliseUserInput(recipeInstance, appInfo, config) {
         override,
         invalidClaimStatusCode,
         overwriteSessionDuringSignInUp:
-            (_d = config === null || config === void 0 ? void 0 : config.overwriteSessionDuringSignInUp) !== null &&
+            config === null || config === void 0 ? void 0 : config.overwriteSessionDuringSignInUp,
+        jwksRefreshIntervalSec:
+            (_d = config === null || config === void 0 ? void 0 : config.jwksRefreshIntervalSec) !== null &&
             _d !== void 0
                 ? _d
-                : true,
-        jwksRefreshIntervalSec:
-            (_e = config === null || config === void 0 ? void 0 : config.jwksRefreshIntervalSec) !== null &&
-            _e !== void 0
-                ? _e
                 : 3600 * 4,
     };
 }

lib/ts/authUtils.ts

@@ -280,8 +280,9 @@ export const AuthUtils = {
                 // If the new user wasn't linked to the current one, we check the config and overwrite the session if required
                 // Note: we could also get here if MFA is enabled, but the app didn't want to link the user to the session user.
                 // This is intentional, since the MFA and overwriteSessionDuringSignInUp configs should work independently.
-                let overwriteSessionDuringSignInUp = SessionRecipe.getInstanceOrThrowError().config
-                    .overwriteSessionDuringSignInUp;
+                let overwriteSessionDuringSignInUp = SessionRecipe.getInstanceOrThrowError().getNormalisedOverwriteSessionDuringSignInUp(
+                    req
+                );
                 if (overwriteSessionDuringSignInUp) {
                     respSession = await Session.createNewSession(req, res, tenantId, recipeUserId, {}, {}, userContext);
                     if (mfaInstance !== undefined) {
@@ -1016,9 +1017,11 @@ export const AuthUtils = {
         shouldTryLinkingWithSessionUser: boolean | undefined,
         userContext: UserContext
     ) {
-        const overwriteSessionDuringSignInUp = SessionRecipe.getInstanceOrThrowError().config
-            .overwriteSessionDuringSignInUp;
-        return shouldTryLinkingWithSessionUser !== false || !overwriteSessionDuringSignInUp
+        const overwriteSessionDuringSignInUp = SessionRecipe.getInstanceOrThrowError().getNormalisedOverwriteSessionDuringSignInUp(
+            req
+        );
+
+        return shouldTryLinkingWithSessionUser !== false || overwriteSessionDuringSignInUp === false
             ? await Session.getSession(
                   req,
                   res,

lib/ts/querier.ts

@@ -344,7 +344,6 @@ export class Querier {
                 );
                 finalURL.search = searchParams.toString();
 
-                console.log("finalURL", finalURL.toString());
                 // Update cache and return
                 let response = await doFetch(finalURL.toString(), {
                     method: "GET",
@@ -612,7 +611,6 @@ export class Querier {
                 Querier.hostsAliveForTesting.add(currentDomain + currentBasePath);
             }
 
-            console.log("response", { url, body: await response.clone().text(), headers: response.headers });
             if (response.status !== 200) {
                 throw response;
             }

lib/ts/recipe/session/recipe.ts

@@ -44,7 +44,7 @@ import OpenIdRecipe from "../openid/recipe";
 import { logDebugMessage } from "../../logger";
 import { resetCombinedJWKS } from "../../combinedRemoteJWKSet";
 import { getAccessTokenFromRequest } from "./sessionRequestFunctions";
-import { isTestEnv } from "../../utils";
+import { hasGreaterThanEqualToFDI, isTestEnv } from "../../utils";
 
 // For Express
 export default class SessionRecipe extends RecipeModule {
@@ -296,4 +296,11 @@ export default class SessionRecipe extends RecipeModule {
 
         return getAccessTokenFromRequest(req, allowedTransferMethod);
     };
+
+    getNormalisedOverwriteSessionDuringSignInUp = (req: any) => {
+        const supportsFDI31 = hasGreaterThanEqualToFDI(req, "3.1");
+        const res = this.config.overwriteSessionDuringSignInUp ?? supportsFDI31;
+        logDebugMessage("getNormalisedOverwriteSessionDuringSignInUp returning: " + res);
+        return res;
+    };
 }

lib/ts/recipe/session/types.ts

@@ -124,7 +124,7 @@ export type TypeNormalisedInput = {
     cookieSecure: boolean;
     sessionExpiredStatusCode: number;
     errorHandlers: NormalisedErrorHandlers;
-    overwriteSessionDuringSignInUp: boolean;
+    overwriteSessionDuringSignInUp: boolean | undefined;
 
     antiCsrfFunctionOrString:
         | "VIA_TOKEN"

lib/ts/recipe/session/utils.ts

@@ -303,7 +303,7 @@ export function validateAndNormaliseUserInput(
         antiCsrfFunctionOrString: antiCsrf,
         override,
         invalidClaimStatusCode,
-        overwriteSessionDuringSignInUp: config?.overwriteSessionDuringSignInUp ?? true,
+        overwriteSessionDuringSignInUp: config?.overwriteSessionDuringSignInUp,
         jwksRefreshIntervalSec: config?.jwksRefreshIntervalSec ?? 3600 * 4,
     };
 }