Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data (#12166)

* Fix OIDC bugs due to amnesiac stores forgetting OIDC issuer & other data

Signed-off-by: Michael Telatynski <[email protected]>

* Fix tests

Signed-off-by: Michael Telatynski <[email protected]>

---------

Signed-off-by: Michael Telatynski <[email protected]>

Author: t3chguy

src/utils/oidc/persistOidcSettings.ts

@@ -21,7 +21,7 @@ const tokenIssuerStorageKey = "mx_oidc_token_issuer";
 const idTokenClaimsStorageKey = "mx_oidc_id_token_claims";
 
 /**
- * Persists oidc clientId and issuer in session storage
+ * Persists oidc clientId and issuer in local storage
  * Only set after successful authentication
  * @param clientId
  * @param issuer
@@ -31,39 +31,39 @@ export const persistOidcAuthenticatedSettings = (
     issuer: string,
     idTokenClaims: IdTokenClaims,
 ): void => {
-    sessionStorage.setItem(clientIdStorageKey, clientId);
-    sessionStorage.setItem(tokenIssuerStorageKey, issuer);
-    sessionStorage.setItem(idTokenClaimsStorageKey, JSON.stringify(idTokenClaims));
+    localStorage.setItem(clientIdStorageKey, clientId);
+    localStorage.setItem(tokenIssuerStorageKey, issuer);
+    localStorage.setItem(idTokenClaimsStorageKey, JSON.stringify(idTokenClaims));
 };
 
 /**
- * Retrieve stored oidc issuer from session storage
+ * Retrieve stored oidc issuer from local storage
  * When user has token from OIDC issuer, this will be set
  * @returns issuer or undefined
  */
 export const getStoredOidcTokenIssuer = (): string | undefined => {
-    return sessionStorage.getItem(tokenIssuerStorageKey) ?? undefined;
+    return localStorage.getItem(tokenIssuerStorageKey) ?? undefined;
 };
 
 /**
- * Retrieves stored oidc client id from session storage
+ * Retrieves stored oidc client id from local storage
  * @returns clientId
- * @throws when clientId is not found in session storage
+ * @throws when clientId is not found in local storage
  */
 export const getStoredOidcClientId = (): string => {
-    const clientId = sessionStorage.getItem(clientIdStorageKey);
+    const clientId = localStorage.getItem(clientIdStorageKey);
     if (!clientId) {
         throw new Error("Oidc client id not found in storage");
     }
     return clientId;
 };
 
 /**
- * Retrieve stored id token claims from session storage
+ * Retrieve stored id token claims from local storage
  * @returns idtokenclaims or undefined
  */
 export const getStoredOidcIdTokenClaims = (): IdTokenClaims | undefined => {
-    const idTokenClaims = sessionStorage.getItem(idTokenClaimsStorageKey);
+    const idTokenClaims = localStorage.getItem(idTokenClaimsStorageKey);
     if (!idTokenClaims) {
         return;
     }

test/components/structures/MatrixChat-test.tsx

@@ -449,8 +449,8 @@ describe("<MatrixChat />", () => {
 
                 await flushPromises();
 
-                expect(sessionStorage.getItem("mx_oidc_client_id")).toEqual(clientId);
-                expect(sessionStorage.getItem("mx_oidc_token_issuer")).toEqual(issuer);
+                expect(localStorage.getItem("mx_oidc_client_id")).toEqual(clientId);
+                expect(localStorage.getItem("mx_oidc_token_issuer")).toEqual(issuer);
             });
 
             it("should set logged in and start MatrixClient", async () => {

test/stores/oidc/OidcClientStore-test.ts

@@ -34,19 +34,16 @@ describe("OidcClientStore", () => {
     const clientId = "test-client-id";
     const metadata = mockOpenIdConfiguration();
     const account = metadata.issuer + "account";
-    const mockSessionStorage: Record<string, string> = {
-        mx_oidc_client_id: clientId,
-        mx_oidc_token_issuer: metadata.issuer,
-    };
 
     const mockClient = getMockClientWithEventEmitter({
         waitForClientWellKnown: jest.fn().mockResolvedValue({}),
     });
 
     beforeEach(() => {
-        jest.spyOn(sessionStorage.__proto__, "getItem")
-            .mockClear()
-            .mockImplementation((key) => mockSessionStorage[key as string] ?? null);
+        localStorage.clear();
+        localStorage.setItem("mx_oidc_client_id", clientId);
+        localStorage.setItem("mx_oidc_token_issuer", metadata.issuer);
+
         mocked(discoverAndValidateAuthenticationConfig).mockClear().mockResolvedValue({
             metadata,
             account,
@@ -71,7 +68,7 @@ describe("OidcClientStore", () => {
         });
 
         it("should return false when no issuer is in session storage", () => {
-            jest.spyOn(sessionStorage.__proto__, "getItem").mockReturnValue(null);
+            localStorage.clear();
             const store = new OidcClientStore(mockClient);
 
             expect(store.isUserAuthenticatedWithOidc).toEqual(false);
@@ -98,14 +95,7 @@ describe("OidcClientStore", () => {
         });
 
         it("should log and return when no clientId is found in storage", async () => {
-            const sessionStorageWithoutClientId: Record<string, string | null> = {
-                ...mockSessionStorage,
-                mx_oidc_client_id: null,
-            };
-            jest.spyOn(sessionStorage.__proto__, "getItem").mockImplementation(
-                (key) => sessionStorageWithoutClientId[key as string] ?? null,
-            );
-
+            localStorage.removeItem("mx_oidc_client_id");
             const store = new OidcClientStore(mockClient);
 
             // no oidc client
@@ -209,13 +199,7 @@ describe("OidcClientStore", () => {
         it("should throw when oidcClient could not be initialised", async () => {
             // make oidcClient initialisation fail
             mockClient.waitForClientWellKnown.mockResolvedValue(undefined as any);
-            const sessionStorageWithoutIssuer: Record<string, string | null> = {
-                ...mockSessionStorage,
-                mx_oidc_token_issuer: null,
-            };
-            jest.spyOn(sessionStorage.__proto__, "getItem").mockImplementation(
-                (key) => sessionStorageWithoutIssuer[key as string] ?? null,
-            );
+            localStorage.removeItem("mx_oidc_token_issuer");
 
             const store = new OidcClientStore(mockClient);
 

test/utils/oidc/persistOidcSettings-test.ts

@@ -24,10 +24,11 @@ import {
 } from "../../../src/utils/oidc/persistOidcSettings";
 
 describe("persist OIDC settings", () => {
-    beforeEach(() => {
-        jest.spyOn(sessionStorage.__proto__, "getItem").mockClear().mockReturnValue(null);
+    jest.spyOn(Storage.prototype, "getItem");
+    jest.spyOn(Storage.prototype, "setItem");
 
-        jest.spyOn(sessionStorage.__proto__, "setItem").mockClear();
+    beforeEach(() => {
+        localStorage.clear();
     });
 
     const clientId = "test-client-id";
@@ -45,20 +46,17 @@ describe("persist OIDC settings", () => {
     describe("persistOidcAuthenticatedSettings", () => {
         it("should set clientId and issuer in session storage", () => {
             persistOidcAuthenticatedSettings(clientId, issuer, idTokenClaims);
-            expect(sessionStorage.setItem).toHaveBeenCalledWith("mx_oidc_client_id", clientId);
-            expect(sessionStorage.setItem).toHaveBeenCalledWith("mx_oidc_token_issuer", issuer);
-            expect(sessionStorage.setItem).toHaveBeenCalledWith(
-                "mx_oidc_id_token_claims",
-                JSON.stringify(idTokenClaims),
-            );
+            expect(localStorage.setItem).toHaveBeenCalledWith("mx_oidc_client_id", clientId);
+            expect(localStorage.setItem).toHaveBeenCalledWith("mx_oidc_token_issuer", issuer);
+            expect(localStorage.setItem).toHaveBeenCalledWith("mx_oidc_id_token_claims", JSON.stringify(idTokenClaims));
         });
     });
 
     describe("getStoredOidcTokenIssuer()", () => {
         it("should return issuer from session storage", () => {
-            jest.spyOn(sessionStorage.__proto__, "getItem").mockReturnValue(issuer);
+            localStorage.setItem("mx_oidc_token_issuer", issuer);
             expect(getStoredOidcTokenIssuer()).toEqual(issuer);
-            expect(sessionStorage.getItem).toHaveBeenCalledWith("mx_oidc_token_issuer");
+            expect(localStorage.getItem).toHaveBeenCalledWith("mx_oidc_token_issuer");
         });
 
         it("should return undefined when no issuer in session storage", () => {
@@ -68,9 +66,9 @@ describe("persist OIDC settings", () => {
 
     describe("getStoredOidcClientId()", () => {
         it("should return clientId from session storage", () => {
-            jest.spyOn(sessionStorage.__proto__, "getItem").mockReturnValue(clientId);
+            localStorage.setItem("mx_oidc_client_id", clientId);
             expect(getStoredOidcClientId()).toEqual(clientId);
-            expect(sessionStorage.getItem).toHaveBeenCalledWith("mx_oidc_client_id");
+            expect(localStorage.getItem).toHaveBeenCalledWith("mx_oidc_client_id");
         });
         it("should throw when no clientId in session storage", () => {
             expect(() => getStoredOidcClientId()).toThrow("Oidc client id not found in storage");
@@ -79,9 +77,9 @@ describe("persist OIDC settings", () => {
 
     describe("getStoredOidcIdTokenClaims()", () => {
         it("should return issuer from session storage", () => {
-            jest.spyOn(sessionStorage.__proto__, "getItem").mockReturnValue(JSON.stringify(idTokenClaims));
+            localStorage.setItem("mx_oidc_id_token_claims", JSON.stringify(idTokenClaims));
             expect(getStoredOidcIdTokenClaims()).toEqual(idTokenClaims);
-            expect(sessionStorage.getItem).toHaveBeenCalledWith("mx_oidc_id_token_claims");
+            expect(localStorage.getItem).toHaveBeenCalledWith("mx_oidc_id_token_claims");
         });
 
         it("should return undefined when no issuer in session storage", () => {