Use jwks-rsa 2.0.2, with async/await support

olleolleolle · olleolleolle · commit 85fb56bcdf99 · 2021-04-01T17:13:16.000+02:00
This pushes up to declare Node 10+ as a requirement, but we were using that in practice, before, too. jwks-rsa CHANGELOG mentions this upgrade guide: https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#migrated-callbacks-to-asyncawait
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -120,6 +120,7 @@ ___
 - Improve data consistency in Push and Job Status update (Diamond Lewis) [#7267](https://github.com/parse-community/parse-server/pull/7267)
 - Excluding keys that have trailing edges.node when performing GraphQL resolver (Chris Bland) [#7273](https://github.com/parse-community/parse-server/pull/7273)
 - Added centralized feature deprecation with standardized warning logs (Manuel Trezza) [#7303](https://github.com/parse-community/parse-server/pull/7303)
+- Use jwks-rsa 2.x (Olle Jonsson) [#7305](https://github.com/parse-community/parse-server/pull/7305)
 ___
 ## 4.5.0
 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.4.0...4.5.0)
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -42,7 +42,7 @@
     "graphql-upload": "11.0.0",
     "intersect": "1.0.1",
     "jsonwebtoken": "8.5.1",
-    "jwks-rsa": "1.12.3",
+    "jwks-rsa": "2.0.2",
     "ldapjs": "2.2.4",
     "lodash": "4.17.21",
     "lru-cache": "5.1.1",
@@ -125,7 +125,7 @@
     "postinstall": "node -p 'require(\"./postinstall.js\")()'"
   },
   "engines": {
-    "node": ">= 8"
+    "node": ">= 10"
   },
   "bin": {
     "parse-server": "bin/parse-server"
diff --git a/spec/AuthenticationAdapters.spec.js b/spec/AuthenticationAdapters.spec.js
@@ -1327,7 +1327,7 @@ describe('oauth2 auth adapter', () => {
 describe('apple signin auth adapter', () => {
   const apple = require('../lib/Adapters/Auth/apple');
   const jwt = require('jsonwebtoken');
-  const util = require('util');
+  const jwksClient = require('jwks-rsa');
 
   it('(using client id as string) should throw error with missing id_token', async () => {
     try {
@@ -1389,7 +1389,7 @@ describe('apple signin auth adapter', () => {
     const fakeGetSigningKeyAsyncFunction = () => {
       return { kid: '123', rsaPublicKey: 'the_rsa_public_key' };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
 
     const result = await apple.validateAuthData(
       { id: 'the_user_id', token: 'the_token' },
@@ -1405,7 +1405,7 @@ describe('apple signin auth adapter', () => {
     const fakeGetSigningKeyAsyncFunction = () => {
       return { kid: '123', rsaPublicKey: 'the_rsa_public_key' };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
 
     try {
       await apple.validateAuthData(
@@ -1442,7 +1442,7 @@ describe('apple signin auth adapter', () => {
     const fakeGetSigningKeyAsyncFunction = () => {
       return { kid: '123', rsaPublicKey: 'the_rsa_public_key' };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     const result = await apple.validateAuthData(
@@ -1464,7 +1464,7 @@ describe('apple signin auth adapter', () => {
     const fakeGetSigningKeyAsyncFunction = () => {
       return { kid: '123', rsaPublicKey: 'the_rsa_public_key' };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     const result = await apple.validateAuthData(
@@ -1486,7 +1486,7 @@ describe('apple signin auth adapter', () => {
     const fakeGetSigningKeyAsyncFunction = () => {
       return { kid: '123', rsaPublicKey: 'the_rsa_public_key' };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     const result = await apple.validateAuthData(
@@ -1506,7 +1506,7 @@ describe('apple signin auth adapter', () => {
     const fakeGetSigningKeyAsyncFunction = () => {
       return { kid: '123', rsaPublicKey: 'the_rsa_public_key' };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     try {
@@ -1534,7 +1534,7 @@ describe('apple signin auth adapter', () => {
     const fakeGetSigningKeyAsyncFunction = () => {
       return { kid: '123', rsaPublicKey: 'the_rsa_public_key' };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     try {
@@ -1563,7 +1563,7 @@ describe('apple signin auth adapter', () => {
     const fakeGetSigningKeyAsyncFunction = () => {
       return { kid: '123', rsaPublicKey: 'the_rsa_public_key' };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     try {
@@ -1635,7 +1635,7 @@ describe('apple signin auth adapter', () => {
     const fakeGetSigningKeyAsyncFunction = () => {
       return { kid: '123', rsaPublicKey: 'the_rsa_public_key' };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     try {
@@ -1760,7 +1760,7 @@ describe('microsoft graph auth adapter', () => {
 describe('facebook limited auth adapter', () => {
   const facebook = require('../lib/Adapters/Auth/facebook');
   const jwt = require('jsonwebtoken');
-  const util = require('util');
+  const jwksClient = require('jwks-rsa');
 
   // TODO: figure out a way to run this test alongside facebook classic tests
   xit('(using client id as string) should throw error with missing id_token', async () => {
@@ -1831,7 +1831,7 @@ describe('facebook limited auth adapter', () => {
         rsaPublicKey: 'the_rsa_public_key',
       };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
 
     const result = await facebook.validateAuthData(
       { id: 'the_user_id', token: 'the_token' },
@@ -1852,7 +1852,7 @@ describe('facebook limited auth adapter', () => {
         rsaPublicKey: 'the_rsa_public_key',
       };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
 
     try {
       await facebook.validateAuthData(
@@ -1894,7 +1894,7 @@ describe('facebook limited auth adapter', () => {
         rsaPublicKey: 'the_rsa_public_key',
       };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     const result = await facebook.validateAuthData(
@@ -1921,7 +1921,7 @@ describe('facebook limited auth adapter', () => {
         rsaPublicKey: 'the_rsa_public_key',
       };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     const result = await facebook.validateAuthData(
@@ -1948,7 +1948,7 @@ describe('facebook limited auth adapter', () => {
         rsaPublicKey: 'the_rsa_public_key',
       };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     const result = await facebook.validateAuthData(
@@ -1973,7 +1973,7 @@ describe('facebook limited auth adapter', () => {
         rsaPublicKey: 'the_rsa_public_key',
       };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     try {
@@ -2006,7 +2006,7 @@ describe('facebook limited auth adapter', () => {
         rsaPublicKey: 'the_rsa_public_key',
       };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     try {
@@ -2040,7 +2040,7 @@ describe('facebook limited auth adapter', () => {
         rsaPublicKey: 'the_rsa_public_key',
       };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     try {
@@ -2126,7 +2126,7 @@ describe('facebook limited auth adapter', () => {
         rsaPublicKey: 'the_rsa_public_key',
       };
     };
-    spyOn(util, 'promisify').and.callFake(() => fakeGetSigningKeyAsyncFunction);
+    spyOn(jwksClient, 'getSigningKey').and.callFake(() => fakeGetSigningKeyAsyncFunction);
     spyOn(jwt, 'verify').and.callFake(() => fakeClaim);
 
     try {
diff --git a/src/Adapters/Auth/apple.js b/src/Adapters/Auth/apple.js
@@ -3,7 +3,6 @@
 
 const Parse = require('parse/node').Parse;
 const jwksClient = require('jwks-rsa');
-const util = require('util');
 const jwt = require('jsonwebtoken');
 
 const TOKEN_ISSUER = 'https://appleid.apple.com';
@@ -16,11 +15,9 @@ const getAppleKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
     cacheMaxAge,
   });
 
-  const asyncGetSigningKeyFunction = util.promisify(client.getSigningKey);
-
   let key;
   try {
-    key = await asyncGetSigningKeyFunction(keyId);
+    key = await client.getSigningKey(keyId);
   } catch (error) {
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
diff --git a/src/Adapters/Auth/facebook.js b/src/Adapters/Auth/facebook.js
@@ -2,7 +2,6 @@
 const Parse = require('parse/node').Parse;
 const crypto = require('crypto');
 const jwksClient = require('jwks-rsa');
-const util = require('util');
 const jwt = require('jsonwebtoken');
 const httpsRequest = require('./httpsRequest');
 
@@ -58,11 +57,9 @@ const getFacebookKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
     cacheMaxAge,
   });
 
-  const asyncGetSigningKeyFunction = util.promisify(client.getSigningKey);
-
   let key;
   try {
-    key = await asyncGetSigningKeyFunction(keyId);
+    key = await client.getSigningKey(keyId);
   } catch (error) {
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
