diff --git a/backend/controllers/moncomptepro.ts b/backend/controllers/moncomptepro.ts index 273edcf5b2..537ed256d1 100644 --- a/backend/controllers/moncomptepro.ts +++ b/backend/controllers/moncomptepro.ts @@ -1,10 +1,11 @@ import jwt from "jsonwebtoken" import config from "../config/index.js" -import { Issuer } from "openid-client" +import * as client from "openid-client" import Sentry from "@sentry/node" const JWT_EXPIRATION_DELAY = 15552000 // 6 * 30 * 24 * 60 * 60 = 6 months const MCP_TOKEN = "mcp_token" +const MCP_CODE_VERIFER = "mcp_vrfer" const accompagnement = config.accompagnement @@ -20,31 +21,25 @@ const { const { sessionSecret } = config const baseUrl = config.baseURL -const getMcpClient = async () => { - const mcpIssuer = await Issuer.discover(provider) - - return new mcpIssuer.Client({ - client_id, - client_secret, - redirect_uris: [redirect_uri], - response_types: ["code"], - }) +const getMcpClient = async (): Promise => { + return await client.discovery(new URL(provider), client_id, client_secret) } const login = async (req, res) => { - const client = await getMcpClient() - const redirectUrl = client.authorizationUrl({ + const mcpIssuer = await getMcpClient() + const parameters: Record = { + redirect_uri, scope, - }) - res.redirect(redirectUrl) + } + const redirectUrl: URL = client.buildAuthorizationUrl(mcpIssuer, parameters) + return res.redirect(redirectUrl.href) } const retrieveMcpAccessToken = async (req) => { try { - const client = await getMcpClient() - const params = client.callbackParams(req) - const tokenSet = await client.callback(redirect_uri, params) - return tokenSet.access_token + const mcpIssuer = await getMcpClient() + const currentUrl = new URL(config.baseURL + req.originalUrl) + return await client.authorizationCodeGrant(mcpIssuer, currentUrl, {}) } catch (error) { console.error("Error in retrieveMcpAccessToken: ", error) throw error 
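Review bot: The callback in retrieveMcpAccessToken accepts any authorization code delivered to it: `authorizationCodeGrant(mcpIssuer, currentUrl, {})` passes no `pkceCodeVerifier` and no `expectedState`, and login sends neither `code_challenge` nor `state`, so nothing binds the response to the browser session that started the flow (login CSRF / code injection). The constant `MCP_CODE_VERIFER` added in the first hunk (and cleared by `clearCookie` in the last hunk of this file) is never written or read, which suggests this was intended; the name also misspells "VERIFIER". openid-client v6 documents PKCE or state/nonce as expected for this flow — whether it hard-fails at runtime here I cannot confirm from the hunk, but the session binding is missing either way. The change below generates a verifier in login, keeps it in an httpOnly cookie (the `/auth/redirect` route already runs `cookieParser()`), and hands it to the grant; `retrieveMcpAccessToken`'s catch block continues outside the hunk.
```typescript
const login = async (req, res) => {
  const mcpIssuer = await getMcpClient()
  // PKCE: the verifier stays with the browser (cookie); only the challenge goes to the IdP.
  const codeVerifier = client.randomPKCECodeVerifier()
  const codeChallenge = await client.calculatePKCECodeChallenge(codeVerifier)
  res.cookie(MCP_CODE_VERIFER, codeVerifier, {
    httpOnly: true,
    sameSite: "lax",
    secure: new URL(config.baseURL).protocol === "https:",
    maxAge: 10 * 60 * 1000, // only needs to outlive one round trip to the IdP
  })
  const parameters: Record<string, string> = {
    redirect_uri,
    scope,
    code_challenge: codeChallenge,
    code_challenge_method: "S256",
  }
  const redirectUrl: URL = client.buildAuthorizationUrl(mcpIssuer, parameters)
  return res.redirect(redirectUrl.href)
}

const retrieveMcpAccessToken = async (req) => {
  try {
    const mcpIssuer = await getMcpClient()
    const currentUrl = new URL(config.baseURL + req.originalUrl)
    const codeVerifier = req.cookies?.[MCP_CODE_VERIFER]
    if (typeof codeVerifier !== "string" || codeVerifier.length === 0) {
      // Callback reached without a login started by this browser: refuse the code.
      throw new Error("Missing PKCE code verifier")
    }
    return await client.authorizationCodeGrant(mcpIssuer, currentUrl, {
      pkceCodeVerifier: codeVerifier,
    })
  } catch (error) {
    // … unchanged: error logging and rethrow …
```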
@@ -58,12 +53,16 @@ const access = async (req, res, next) => { const mcpCode = req.query.code if (mcpCode) { - const mcpAccessToken = await retrieveMcpAccessToken(req) - const client = await getMcpClient() - if (!mcpAccessToken) { + const tokens = await retrieveMcpAccessToken(req) + const mcpIssuer = await getMcpClient() + if (!tokens) { throw new Error("No mcpAccessToken") } - const userInfo = await client.userinfo(mcpAccessToken) + + const { access_token } = tokens + const claims = tokens.claims()! + const { sub } = claims + const userInfo = await client.fetchUserInfo(mcpIssuer, access_token, sub) if (!userInfo.email) { throw new Error("No userInfo email") } @@ -75,7 +74,7 @@ const access = async (req, res, next) => { }) res.cookie(MCP_TOKEN, mcpToken) } else { - res.clearCookie(MCP_TOKEN) + clearCookie(res) return res.redirect(accompagnement.unauthorizedPath) } } @@ -87,7 +86,7 @@ const access = async (req, res, next) => { if (isAuthorized) { return next() } else { - res.clearCookie(MCP_TOKEN) + clearCookie(res) return res.redirect(accompagnement.unauthorizedPath) } } @@ -95,7 +94,7 @@ const access = async (req, res, next) => { return login(req, res) } catch (error) { Sentry.captureException(error) - res.clearCookie(MCP_TOKEN) + clearCookie(res) return res.redirect(accompagnement.errorPath) } } @@ -108,13 +107,18 @@ const loginCallbackRedirect = (req, res) => { } } +const clearCookie = (res) => { + res.clearCookie(MCP_TOKEN) + res.clearCookie(MCP_CODE_VERIFER) +} + const logout = async (req, res, next) => { try { - res.clearCookie(MCP_TOKEN) - const client = await getMcpClient() - const redirectUrl = client.endSessionUrl({ + clearCookie(res) + const mcpIssuer = await getMcpClient() + const redirectUrl = client.buildEndSessionUrl(mcpIssuer, { post_logout_redirect_uri: `${baseUrl}${accompagnement.path}`, - }) + }).href res.redirect(redirectUrl) } catch (e) { next(e) 
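Review bot: `const claims = tokens.claims()!` silences the one case the code should handle: `claims()` is undefined when the token response carries no ID token, and the following `const { sub } = claims` would then fail with a bare TypeError instead of the explicit error the surrounding code uses. The preceding `if (!tokens)` guard is dead as far as I can tell — `authorizationCodeGrant` throws rather than returning undefined — and its message "No mcpAccessToken" now names a variable that no longer exists. Replace the assertion with a real check: `const claims = tokens.claims()` / `if (!claims?.sub) throw new Error("No ID token claims in token response")` / `const { sub } = claims`. The access function continues outside this hunk.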
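Review bot: `const clearCookie = (res) => {` leaves `res` implicitly `any`, so a typo in either `clearCookie` call would not be caught; the rest of the file uses untyped `(req, res)` handlers, but a new standalone helper is the place to start typing. Suggest `const clearCookie = (res: Response) => {` with `import type { Response } from "express"` (express is already a dependency, see the routes file). A one-line comment on the helper would also help the next reader, e.g. `// Drops both auth cookies so a failed or finished flow leaves no session state behind.`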
diff --git a/backend/routes/moncomptepro.ts b/backend/routes/moncomptepro.ts index 6de260dff4..018786d01d 100644 --- a/backend/routes/moncomptepro.ts +++ b/backend/routes/moncomptepro.ts @@ -1,9 +1,18 @@ import cookieParser from "cookie-parser" import moncompteproController from "../controllers/moncomptepro.js" import { Express } from "express" +import rateLimit from "express-rate-limit" const moncompteproRoutes = function (api: Express) { - api.get("/login", moncompteproController.login) + const loginRateLimiter = rateLimit({ + windowMs: 900000, // 15 minutes + }) + api.get( + "/login", + cookieParser(), + loginRateLimiter, + moncompteproController.login + ) api.get( "/auth/redirect", cookieParser(), diff --git a/package-lock.json b/package-lock.json index ecac60b02c..e5acee82d9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -32,10 +32,11 @@ "errorhandler": "^1.5.1", "event-stream": "4.0.1", "express": "^4.21.1", + "express-rate-limit": "^7.4.1", "express-validator": "^7.2.0", "haversine": "^1.1.1", "js-yaml": "^4.1.0", - "jsonwebtoken": "^9.0.0", + "jsonwebtoken": "^9.0.2", "lodash.clonedeep": "^4.5.0", "lodash.isequal": "^4.5.0", "lodash.range": "^3.2.0", @@ -44,11 +45,11 @@ "mongoose": "^6.11.3", "morgan": "^1.10.0", "nodemailer": "^6.9.3", - "openid-client": "^5.6.5", + "openid-client": "^6.1.3", "pinia": "^2.0.16", - "tmp": "^0.2.1", + "tmp": "^0.2.3", "ts-node": "^10.9.2", - "validator": "^13.7.0", + "validator": "^13.12.0", "vite": "^5.4.3", "vite-plugin-html": "^3.2.2", "vue": "^3.2.47", 
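Review bot: `rateLimit({ windowMs: 900000 })` sets only the window and relies on the library default for the number of allowed requests (5 per window in express-rate-limit v7, as far as I recall), which is an undocumented and easy-to-miss policy for a login endpoint. Make the policy explicit and drop the legacy `X-RateLimit-*` headers: `const loginRateLimiter = rateLimit({ windowMs: 15 * 60 * 1000, limit: 5, standardHeaders: "draft-7", legacyHeaders: false })`. Note too that the limiter keys on `req.ip`; if this API is deployed behind a reverse proxy (not visible here), Express needs `trust proxy` configured, otherwise every client shares the proxy's address and the limit applies globally rather than per client.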
@@ -10276,6 +10277,20 @@ "node": ">= 0.10.0" } }, + "node_modules/express-rate-limit": { + "version": "7.5.0", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.0.tgz", + "integrity": "sha512-eB5zbQh5h+VenMPM3fh+nw1YExi5nMr6HUCR62ELSP11huvxm/Uir1H1QEyTkk5QX6A58pX6NmaTMceKZ0Eodg==", + "engines": { + "node": ">= 16" + }, + "funding": { + "url": "https://github.com/sponsors/express-rate-limit" + }, + "peerDependencies": { + "express": "^4.11 || 5 || ^5.0.0-beta.1" + } + }, "node_modules/express-validator": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-7.2.0.tgz", @@ -13263,9 +13278,9 @@ } }, "node_modules/jose": { - "version": "4.15.5", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz", - "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg==", + "version": "5.9.6", + "resolved": "https://registry.npmjs.org/jose/-/jose-5.9.6.tgz", + "integrity": "sha512-AMlnetc9+CV9asI19zHmrgS/WYsWUwCn2R7RzlbJWD7F9eWYUTGyBmU9o6PxngtLGOiDGPRu+Uc4fhKzbpteZQ==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -13373,13 +13388,20 @@ } }, "node_modules/jsonwebtoken": { - "version": "9.0.0", - "license": "MIT", + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", "dependencies": { "jws": "^3.2.2", - "lodash": "^4.17.21", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", "ms": "^2.1.1", - "semver": "^7.3.8" + "semver": "^7.5.4" }, "engines": { "node": ">=12", 
@@ -13979,6 +14001,16 @@ "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz", "integrity": "sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==" }, + "node_modules/lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" + }, + "node_modules/lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" + }, "node_modules/lodash.isequal": { "version": "4.5.0", "license": "MIT" 
@@ -13989,6 +14021,26 @@ "integrity": "sha512-7FGG40uhC8Mm633uKW1r58aElFlBlxCrg9JfSi3P6aYiWmfiWF0PgMd86ZUsxE5GwWPdHoS2+48bwTh2VPkIQA==", "peer": true }, + "node_modules/lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" + }, + "node_modules/lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" + }, + "node_modules/lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" + }, + "node_modules/lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" + }, "node_modules/lodash.memoize": { "version": "4.1.2", "dev": true, @@ -14001,7 +14053,6 @@ }, "node_modules/lodash.once": { "version": "4.1.1", - "dev": true, "license": "MIT" }, "node_modules/lodash.range": { @@ -15119,6 +15170,14 @@ "url": "https://github.com/fb55/nth-check?sponsor=1" } }, + "node_modules/oauth4webapi": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-3.1.4.tgz", + "integrity": "sha512-eVfN3nZNbok2s/ROifO0UAc5G8nRoLSbrcKJ09OqmucgnhXEfdIQOR4gq1eJH1rN3gV7rNw62bDEgftsgFtBEg==", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, "node_modules/object-assign": { "version": "4.1.1", "license": "MIT", 
@@ -15126,14 +15185,6 @@ "node": ">=0.10.0" } }, - "node_modules/object-hash": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", - "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==", - "engines": { - "node": ">= 6" - } - }, "node_modules/object-inspect": { "version": "1.13.3", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.3.tgz", @@ -15203,14 +15254,6 @@ "version": "1.1.2", "license": "MIT" }, - "node_modules/oidc-token-hash": { - "version": "5.0.3", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz", - "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw==", - "engines": { - "node": "^10.13.0 || >=12.0.0" - } - }, "node_modules/on-finished": { "version": "2.3.0", "license": "MIT", 
@@ -15272,35 +15315,17 @@ } }, "node_modules/openid-client": { - "version": "5.6.5", - "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.6.5.tgz", - "integrity": "sha512-5P4qO9nGJzB5PI0LFlhj4Dzg3m4odt0qsJTfyEtZyOlkgpILwEioOhVVJOrS1iVH494S4Ee5OCjjg6Bf5WOj3w==", + "version": "6.1.7", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-6.1.7.tgz", + "integrity": "sha512-JfY/KvQgOutmG2P+oVNKInE7zIh+im1MQOaO7g5CtNnTWMociA563WweiEMKfR9ry9XG3K2HGvj9wEqhCQkPMg==", "dependencies": { - "jose": "^4.15.5", - "lru-cache": "^6.0.0", - "object-hash": "^2.2.0", - "oidc-token-hash": "^5.0.3" + "jose": "^5.9.6", + "oauth4webapi": "^3.1.4" }, "funding": { "url": "https://github.com/sponsors/panva" } }, - "node_modules/openid-client/node_modules/lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "dependencies": { - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/openid-client/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - }, "node_modules/openurl": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/openurl/-/openurl-1.1.1.tgz", @@ -17302,13 +17327,11 @@ } }, "node_modules/tmp": { - "version": "0.2.1", - "license": "MIT", - "dependencies": { - "rimraf": "^3.0.0" - }, + "version": "0.2.3", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "integrity": "sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==", "engines": { - "node": ">=8.17.0" + "node": ">=14.14" } }, "node_modules/tmpl": { 
@@ -26087,6 +26110,12 @@ } } }, + "express-rate-limit": { + "version": "7.5.0", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.0.tgz", + "integrity": "sha512-eB5zbQh5h+VenMPM3fh+nw1YExi5nMr6HUCR62ELSP11huvxm/Uir1H1QEyTkk5QX6A58pX6NmaTMceKZ0Eodg==", + "requires": {} + }, "express-validator": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-7.2.0.tgz", @@ -27933,9 +27962,9 @@ } }, "jose": { - "version": "4.15.5", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz", - "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg==" + "version": "5.9.6", + "resolved": "https://registry.npmjs.org/jose/-/jose-5.9.6.tgz", + "integrity": "sha512-AMlnetc9+CV9asI19zHmrgS/WYsWUwCn2R7RzlbJWD7F9eWYUTGyBmU9o6PxngtLGOiDGPRu+Uc4fhKzbpteZQ==" }, "js-beautify": { "version": "1.14.0", @@ -28006,12 +28035,20 @@ } }, "jsonwebtoken": { - "version": "9.0.0", + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", "requires": { "jws": "^3.2.2", - "lodash": "^4.17.21", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", "ms": "^2.1.1", - "semver": "^7.3.8" + "semver": "^7.5.4" }, "dependencies": { "lru-cache": { 
@@ -28402,6 +28439,16 @@ "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz", "integrity": "sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==" }, + "lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" + }, + "lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" + }, "lodash.isequal": { "version": "4.5.0" }, @@ -28411,6 +28458,26 @@ "integrity": "sha512-7FGG40uhC8Mm633uKW1r58aElFlBlxCrg9JfSi3P6aYiWmfiWF0PgMd86ZUsxE5GwWPdHoS2+48bwTh2VPkIQA==", "peer": true }, + "lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" + }, + "lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" + }, + "lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" + }, + "lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" + }, "lodash.memoize": { "version": "4.1.2", "dev": true 
@@ -28420,8 +28487,7 @@ "dev": true }, "lodash.once": { - "version": "4.1.1", - "dev": true + "version": "4.1.1" }, "lodash.range": { "version": "3.2.0" @@ -29248,14 +29314,14 @@ "boolbase": "^1.0.0" } }, + "oauth4webapi": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-3.1.4.tgz", + "integrity": "sha512-eVfN3nZNbok2s/ROifO0UAc5G8nRoLSbrcKJ09OqmucgnhXEfdIQOR4gq1eJH1rN3gV7rNw62bDEgftsgFtBEg==" + }, "object-assign": { "version": "4.1.1" }, - "object-hash": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", - "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==" - }, "object-inspect": { "version": "1.13.3", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.3.tgz", @@ -29293,11 +29359,6 @@ "obuf": { "version": "1.1.2" }, - "oidc-token-hash": { - "version": "5.0.3", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz", - "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw==" - }, "on-finished": { "version": "2.3.0", "requires": { 
@@ -29332,29 +29393,12 @@ "dev": true }, "openid-client": { - "version": "5.6.5", - "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.6.5.tgz", - "integrity": "sha512-5P4qO9nGJzB5PI0LFlhj4Dzg3m4odt0qsJTfyEtZyOlkgpILwEioOhVVJOrS1iVH494S4Ee5OCjjg6Bf5WOj3w==", + "version": "6.1.7", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-6.1.7.tgz", + "integrity": "sha512-JfY/KvQgOutmG2P+oVNKInE7zIh+im1MQOaO7g5CtNnTWMociA563WweiEMKfR9ry9XG3K2HGvj9wEqhCQkPMg==", "requires": { - "jose": "^4.15.5", - "lru-cache": "^6.0.0", - "object-hash": "^2.2.0", - "oidc-token-hash": "^5.0.3" - }, - "dependencies": { - "lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "requires": { - "yallist": "^4.0.0" - } - }, - "yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - } + "jose": "^5.9.6", + "oauth4webapi": "^3.1.4" } }, "openurl": { @@ -30686,10 +30730,9 @@ "dev": true }, "tmp": { - "version": "0.2.1", - "requires": { - "rimraf": "^3.0.0" - } + "version": "0.2.3", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "integrity": "sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==" }, "tmpl": { "version": "1.0.5", diff --git a/package.json b/package.json index 6241c442af..fe740aedff 100644 --- a/package.json +++ b/package.json @@ -79,7 +79,7 @@ "@iframe-resizer/child": "^5.3.2", "@betagouv/jamstack-loader": "^1.0.0", "js-yaml": "^4.1.0", - "jsonwebtoken": "^9.0.0", + "jsonwebtoken": "^9.0.2", "lodash.clonedeep": "^4.5.0", "lodash.isequal": "^4.5.0", "lodash.range": "^3.2.0", 
@@ -88,11 +88,11 @@ "mongoose": "^6.11.3", "morgan": "^1.10.0", "nodemailer": "^6.9.3", - "openid-client": "^5.6.5", + "openid-client": "^6.1.3", "pinia": "^2.0.16", - "tmp": "^0.2.1", + "tmp": "^0.2.3", "ts-node": "^10.9.2", - "validator": "^13.7.0", + "validator": "^13.12.0", "vite": "^5.4.3", "vite-plugin-html": "^3.2.2", "vue": "^3.2.47", @@ -100,7 +100,8 @@ "vue-matomo": "^4.2.0", "vue-router": "^4.1.6", "webpack-cli": "^4.10.0", - "webpack-dev-server": "^4.7.3" + "webpack-dev-server": "^4.7.3", + "express-rate-limit": "^7.4.1" }, "devDependencies": { "@sentry/vite-plugin": "^2.22.4",