From 44e53f92962491709d9499f77c50090cab24a4cc Mon Sep 17 00:00:00 2001 From: Rhys Howell Date: Mon, 2 Jun 2025 13:30:47 -0400 Subject: [PATCH 1/8] chore(deps): update node in ci to 22 --- .evergreen.yml | 2 +- .github/workflows/nodejs.yml | 10 +++++----- .github/workflows/publish-release.yml | 4 ++-- .tool-versions | 6 ++++++ package-lock.json | 2 +- package.json | 2 +- src/plugin.ts | 9 ++++++++- 7 files changed, 24 insertions(+), 11 deletions(-) create mode 100644 .tool-versions diff --git a/.evergreen.yml b/.evergreen.yml index 6a97e51..8407424 100644 --- a/.evergreen.yml +++ b/.evergreen.yml @@ -14,7 +14,7 @@ functions: set -e set -x - export NODE_VERSION=16.19.0 + export NODE_VERSION=22.15.1 bash .evergreen/install-node.sh install: - command: shell.exec diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 8b0a91a..6dad7a2 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -15,7 +15,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] - node-version: [16.x, 18.x, 20.x] + node-version: [22.x, 24.x] runs-on: ${{matrix.os}} steps: - uses: actions/checkout@v4 @@ -23,7 +23,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} - # the oidc-provider package we use doesn't list Node.js 20 as supported + # the oidc-provider package we use doesn't list Node.js 22 and 24 as supported - name: Install Dependencies run: npm ci --ignore-engines - name: Test @@ -34,7 +34,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest] - node-version: [18.x] + node-version: [22.x] runs-on: ${{matrix.os}} steps: - uses: actions/checkout@v4 @@ -56,10 +56,10 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Use Node.js 20.x + - name: Use Node.js 22.x uses: actions/setup-node@v4 with: - node-version: 20.x + node-version: 22.x - name: Install Dependencies run: npm ci --ignore-engines diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 604d452..547516f 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -19,10 +19,10 @@ jobs: - uses: actions/checkout@v4 - - name: Use Node.js 20.x + - name: Use Node.js 22.x uses: actions/setup-node@v4 with: - node-version: 20.x + node-version: 22.x registry-url: 'https://registry.npmjs.org' - name: Install Dependencies diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 0000000..4baf1f2 --- /dev/null +++ b/.tool-versions @@ -0,0 +1,6 @@ +# This file is for the version management tool "asdf". +# mms uses it as well. + +# This Node.js version matches the one required in +# the "engines" in the package.json and .everygreen.yml +nodejs 22.15.1 diff --git a/package-lock.json b/package-lock.json index 8f4a7bf..b92f76c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -49,7 +49,7 @@ "xvfb-maybe": "^0.2.1" }, "engines": { - "node": ">= 16.20.1" + "node": ">= 22.15.1" } }, "node_modules/@ampproject/remapping": { diff --git a/package.json b/package.json index e099743..ffc25ae 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "import": "./dist/.esm-wrapper.mjs" }, "engines": { - "node": ">= 16.20.1" + "node": ">= 22.15.1" }, "types": "./index.d.ts", "scripts": { diff --git a/src/plugin.ts b/src/plugin.ts index 5877543..6bdc614 100644 --- a/src/plugin.ts +++ b/src/plugin.ts @@ -57,6 +57,7 @@ interface UserOIDCAuthState { // A Promise that resolves when the current authentication attempt // is finished, if there is one at the moment. currentAuthAttempt: Promise | null; + currentAuthAttemptId: string | null; // The last set of OIDC tokens we have received together with a // callback to refresh it and the client used to obtain it, if available. currentTokenSet: { @@ -246,6 +247,7 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin { const state: UserOIDCAuthState = { serverOIDCMetadata: { ...serializedState.serverOIDCMetadata }, currentAuthAttempt: null, + currentAuthAttemptId: null, currentTokenSet: null, lastIdTokenClaims: serializedState.lastIdTokenClaims ? { ...serializedState.lastIdTokenClaims } @@ -283,6 +285,7 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin { currentTokenSet: { set: { ...state.currentTokenSet?.set }, }, + currentAuthAttemptId: state.currentAuthAttemptId, lastIdTokenClaims: state.lastIdTokenClaims ? { ...state.lastIdTokenClaims } : undefined, @@ -345,6 +348,7 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin { const newState: UserOIDCAuthState = { serverOIDCMetadata: serverMetadata, currentAuthAttempt: null, + currentAuthAttemptId: null, currentTokenSet: null, }; this.mapIdpToAuthState.set(key, newState); @@ -1021,10 +1025,13 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin { ); try { state.currentAuthAttempt = newAuthAttempt; + state.currentAuthAttemptId = `${Date.now()}`; // TODO req id typing. return await newAuthAttempt; } finally { - if (state.currentAuthAttempt === newAuthAttempt) + if (state.currentAuthAttempt === newAuthAttempt) { state.currentAuthAttempt = null; + state.currentAuthAttemptId = null; + } } } finally { if (params.refreshToken) { From c18a66572b212a2f24cd28e35bfe732e7d8df79c Mon Sep 17 00:00:00 2001 From: Rhys Howell Date: Mon, 2 Jun 2025 13:32:23 -0400 Subject: [PATCH 2/8] fixup: remove unrelated code --- src/plugin.ts | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/plugin.ts b/src/plugin.ts index 6bdc614..5877543 100644 --- a/src/plugin.ts +++ b/src/plugin.ts @@ -57,7 +57,6 @@ interface UserOIDCAuthState { // A Promise that resolves when the current authentication attempt // is finished, if there is one at the moment. currentAuthAttempt: Promise | null; - currentAuthAttemptId: string | null; // The last set of OIDC tokens we have received together with a // callback to refresh it and the client used to obtain it, if available. currentTokenSet: { @@ -247,7 +246,6 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin { const state: UserOIDCAuthState = { serverOIDCMetadata: { ...serializedState.serverOIDCMetadata }, currentAuthAttempt: null, - currentAuthAttemptId: null, currentTokenSet: null, lastIdTokenClaims: serializedState.lastIdTokenClaims ? { ...serializedState.lastIdTokenClaims } @@ -285,7 +283,6 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin { currentTokenSet: { set: { ...state.currentTokenSet?.set }, }, - currentAuthAttemptId: state.currentAuthAttemptId, lastIdTokenClaims: state.lastIdTokenClaims ? { ...state.lastIdTokenClaims } : undefined, @@ -348,7 +345,6 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin { const newState: UserOIDCAuthState = { serverOIDCMetadata: serverMetadata, currentAuthAttempt: null, - currentAuthAttemptId: null, currentTokenSet: null, }; this.mapIdpToAuthState.set(key, newState); @@ -1025,13 +1021,10 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin { ); try { state.currentAuthAttempt = newAuthAttempt; - state.currentAuthAttemptId = `${Date.now()}`; // TODO req id typing. return await newAuthAttempt; } finally { - if (state.currentAuthAttempt === newAuthAttempt) { + if (state.currentAuthAttempt === newAuthAttempt) state.currentAuthAttempt = null; - state.currentAuthAttemptId = null; - } } } finally { if (params.refreshToken) { From c895d5e145fe8093521196730f3c0b0b59d044b8 Mon Sep 17 00:00:00 2001 From: Rhys Howell Date: Wed, 4 Jun 2025 14:31:49 -0400 Subject: [PATCH 3/8] fixup: add chrome flags to disable the chrome password manager, limit workflow run max run time --- .github/workflows/nodejs.yml | 1 + test/oidc-test-provider.ts | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 6dad7a2..ada9d86 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -11,6 +11,7 @@ name: CI jobs: test: name: Test + timeout-minutes: 10 strategy: fail-fast: false matrix: diff --git a/test/oidc-test-provider.ts b/test/oidc-test-provider.ts index 293f312..e421d94 100644 --- a/test/oidc-test-provider.ts +++ b/test/oidc-test-provider.ts @@ -227,7 +227,11 @@ async function spawnBrowser( ...options.capabilities, 'goog:chromeOptions': { binary: electronPath, - args: [`--app=${url}`, '--'], + args: [`--app=${url}`, '--disable-save-password-bubble', '--'], + prefs: { + 'profile.password_manager_enabled': false, + credentials_enable_service: false, + }, }, }, }); From 3991950365bfdceb6ae579379f1f9d09aef66319 Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Thu, 12 Jun 2025 13:58:07 +0200 Subject: [PATCH 4/8] fixup: drop minimum to latest Node.js 20.x --- .github/workflows/nodejs.yml | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index ada9d86..9a0c508 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -16,7 +16,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] - node-version: [22.x, 24.x] + node-version: [20.x, 22.x, 24.x] runs-on: ${{matrix.os}} steps: - uses: actions/checkout@v4 @@ -24,7 +24,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} - # the oidc-provider package we use doesn't list Node.js 22 and 24 as supported + # the oidc-provider package we use doesn't list Node.js 20, 22 and 24 as supported - name: Install Dependencies run: npm ci --ignore-engines - name: Test diff --git a/package.json b/package.json index ffc25ae..a5b0ef8 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "import": "./dist/.esm-wrapper.mjs" }, "engines": { - "node": ">= 22.15.1" + "node": ">= 20.19.2" }, "types": "./index.d.ts", "scripts": { From 595d40ea779c9f6d984a7676ae9b2709938c609b Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Thu, 12 Jun 2025 14:21:51 +0200 Subject: [PATCH 5/8] fixup: bump GHA timeout to 20 min --- .github/workflows/nodejs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 9a0c508..698c6a3 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -11,7 +11,7 @@ name: CI jobs: test: name: Test - timeout-minutes: 10 + timeout-minutes: 20 strategy: fail-fast: false matrix: From b53b45197d4a71266fccc5143be76233eb6e5def Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Thu, 12 Jun 2025 18:41:54 +0200 Subject: [PATCH 6/8] debug --- package-lock.json | 2 +- src/plugin.spec.ts | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index b92f76c..bb6daa6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -49,7 +49,7 @@ "xvfb-maybe": "^0.2.1" }, "engines": { - "node": ">= 22.15.1" + "node": ">= 20.19.2" } }, "node_modules/@ampproject/remapping": { diff --git a/src/plugin.spec.ts b/src/plugin.spec.ts index a35b260..4aafce9 100644 --- a/src/plugin.spec.ts +++ b/src/plugin.spec.ts @@ -680,7 +680,7 @@ describe('OIDC plugin (local OIDC provider)', function () { }); }); - it('respect user aborts and does not attempt device flow auth', async function () { + it.only('falls back to device auth flow', async function () { const events: [string, unknown][] = []; for (const event of [ 'mongodb-oidc-plugin:auth-attempt-started', @@ -689,6 +689,11 @@ describe('OIDC plugin (local OIDC provider)', function () { ]) { logger.on(event, (data) => events.push([event, data])); } + const originalEmit = logger.emit.bind(logger); + logger.emit = function (event, ...args) { + console.dir({ event, args }, { depth: 5, colors: true }); + return originalEmit(event, ...args); + }; await requestToken(plugin, provider.getMongodbOIDCDBInfo()); expect(events).to.deep.include([ 'mongodb-oidc-plugin:auth-attempt-started', From 564fd1a789a8f9852c273a53e74f8dc87b39cd9f Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Thu, 12 Jun 2025 19:12:35 +0200 Subject: [PATCH 7/8] debug --- test/oidc-test-provider.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/test/oidc-test-provider.ts b/test/oidc-test-provider.ts index e421d94..8a9d2c5 100644 --- a/test/oidc-test-provider.ts +++ b/test/oidc-test-provider.ts @@ -286,6 +286,7 @@ async function waitForTitle( ): Promise { await browser.waitUntil(async () => { const actual = (await browser.$(selector).getText()).trim(); + console.log({ actual, expected, selector }); let matches: boolean; if (typeof expected === 'string') { matches = actual.toLowerCase() === expected.toLowerCase(); From 089d737ed0e0f6fae53467e9843d4eae1cf1095d Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Thu, 12 Jun 2025 19:28:03 +0200 Subject: [PATCH 8/8] debug --- test/oidc-test-provider.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/oidc-test-provider.ts b/test/oidc-test-provider.ts index 8a9d2c5..0d30df7 100644 --- a/test/oidc-test-provider.ts +++ b/test/oidc-test-provider.ts @@ -285,7 +285,9 @@ async function waitForTitle( selector = 'h1' ): Promise { await browser.waitUntil(async () => { - const actual = (await browser.$(selector).getText()).trim(); + const element = await browser.$(selector); + await element.waitForDisplayed(); + const actual = (await element.getText()).trim(); console.log({ actual, expected, selector }); let matches: boolean; if (typeof expected === 'string') {