diff --git a/common/src/maven/MavenCliProxy.ts b/common/src/maven/MavenCliProxy.ts
index 1b5d83e2..515dded6 100644
--- a/common/src/maven/MavenCliProxy.ts
+++ b/common/src/maven/MavenCliProxy.ts
@@ -6,7 +6,7 @@
 import * as path from "path"
 import * as fs from "fs-extra"
-
+import * as jwtDecode from "jwt-decode"
 import { BaseEnvironment } from "../platform"
 import { MavenInfo } from "../types"
@@ -39,7 +39,7 @@ export class MavenCliProxy {
 this.writeTokenPom(tokenPom)
 let token = fs.existsSync(tokenFile) ? this.readTokenFile(tokenFile) : null
- if (!token || this.isExpired(token)) {
+ if (!token || this.isExpired(token) || this.isDiffUserOrTenant(token)) {
 const command = `mvn vrealize:auth -P${this.mavenSettings.profile} -DoutputDir="${tokenFolder}" -N -e`
 const cmdOptions = { cwd: tokenFolder }
@@ -144,4 +144,39 @@ export class MavenCliProxy {
 return now > expirationDate
 }
+
+ private isDiffUserOrTenant(token: { value: string; expirationDate: string }): boolean {
+ let decodedToken
+ try {
+ decodedToken = jwtDecode(token.value)
+ } catch (e) {
+ this.logger.warn(`Invalid local SSO authentication token format!`)
+ return true;
+ }
+
+ // token (stored locally) details
+ const tokenUserQualifier = decodedToken.prn // user@TENANT
+ if (!tokenUserQualifier) {
+ return true;
+ }
+ const tokenUsername = tokenUserQualifier.match(/.+?(?=@)/)
+ if (!tokenUsername) {
+ return true;
+ }
+ const tokenTenant = tokenUserQualifier.match(/(?<=@).+[^\s]/)
+ if (!tokenTenant) {
+ return true;
+ }
+ const tokenDomain = decodedToken.domain
+ if (!tokenDomain) {
+ return true;
+ }
+
+ // Maven active profile details
+ const vroUsername = this.environment.getVroUsername() // user@domain
+ const vroTenant = this.environment.getVroTenant()
+
+ return (`${tokenUsername[0]}@${tokenDomain}`.toUpperCase() != vroUsername.toUpperCase() ||
+ tokenTenant[0].toUpperCase() != vroTenant.toUpperCase());
+ }
 }
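Review bot: The reuse condition in the `@@ -39,7 +39,7 @@` hunk checks the cached token's user and tenant but not the server it was issued by. If `tokenFolder` is shared between profiles (it is computed outside this hunk, as is the rest of the enclosing method), switching to a profile with the same username and tenant on a different host would still reuse the old token. Consider keying the token file by profile or also comparing against the active profile's host. A comment above the `if`, such as `// re-authenticate when the cached token is missing, expired, or belongs to another user/tenant`, would document the three cases.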
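Review bot: In `isDiffUserOrTenant` (the `@@ -144,4 +144,39 @@` hunk) only the `jwtDecode` call sits inside the `try`, so a token whose payload decodes to `null`, or whose `prn` claim is not a string, would throw from `decodedToken.prn` or `.match(...)` instead of falling back to re-authentication. A guard such as `if (!decodedToken || typeof decodedToken.prn !== "string") { return true; }` before the regex calls keeps the fail-closed behaviour of the other branches. `jwtDecode` only decodes the payload and does not verify the signature, which is fine for deciding whether to refresh a cached token but worth stating in a comment, e.g. `// claims are unverified; used only to decide whether to re-authenticate`. The tenant pattern `/(?<=@).+[^\s]/` also needs at least two characters after `@`, so a one-character tenant would always force a refresh.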
diff --git a/common/src/platform/BaseEnvironment.ts b/common/src/platform/BaseEnvironment.ts
index 63805092..63817bb1 100644
--- a/common/src/platform/BaseEnvironment.ts
+++ b/common/src/platform/BaseEnvironment.ts
@@ -117,4 +117,20 @@ export abstract class BaseEnvironment {
 return this.config.activeProfile.getOptional("vro.host", "")
 }
+
+ getVroUsername(): string {
+ if (!this.config.hasActiveProfile()) {
+ return ""
+ }
+
+ return this.config.activeProfile.getOptional("vro.username", "")
+ }
+
+ getVroTenant(): string {
+ if (!this.config.hasActiveProfile()) {
+ return ""
+ }
+
+ return this.config.activeProfile.getOptional("vro.tenant", "")
+ }
 }
diff --git a/package.json b/package.json
index e3bc7fad..d60d3665 100644
--- a/package.json
+++ b/package.json
@@ -579,6 +579,7 @@
 "fs-extra": "~7.0.0",
 "glob": "^7.1.6",
 "jsonc-parser": "^2.1.0",
+ "jwt-decode": "^2.2.0",
 "lodash": "^4.17.15",
 "micromatch": "^4.0.2",
 "module-alias": "^2.2.2",
diff --git a/yarn.lock b/yarn.lock index 6d954b51..8cc531a7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4141,6 +4141,11 @@ just-debounce@^1.0.0: resolved "https://registry.yarnpkg.com/just-debounce/-/just-debounce-1.0.0.tgz#87fccfaeffc0b68cd19d55f6722943f929ea35ea" integrity sha1-h/zPrv/AtozRnVX2cilD+SnqNeo= +jwt-decode@^2.2.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/jwt-decode/-/jwt-decode-2.2.0.tgz#7d86bd56679f58ce6a84704a657dd392bba81a79" + integrity sha1-fYa9VmefWM5qhHBKZX3TkruoGnk= + keytar@*: version "6.0.1" resolved "https://registry.yarnpkg.com/keytar/-/keytar-6.0.1.tgz#996961abdebf300b2d34bb2eab6e42a8096b1ed8"
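Review bot: `getVroTenant()` and `getVroUsername()` in the `BaseEnvironment.ts` hunk return `""` both when there is no active profile and when the setting is unset. The caller added in `MavenCliProxy.isDiffUserOrTenant` compares these values with non-empty ones taken from the token, so a profile without `vro.tenant` would appear to trigger `mvn vrealize:auth` on every call. If that is not intended, the caller should skip a comparison whose configured value is empty. Both getters would also benefit from a TSDoc line stating the fallback, e.g. `/** Username from the active profile's vro.username (user@domain), or "" when unset. */`. The class body starts outside the hunk.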