Merge pull request #2298 from zowe/feat/imperative/jwt-token-expiration
feat(ProfileInfo): JWT token expiration detection
traeok authored Oct 10, 2024
2 parents a4b4d45 + 7e1b0ab commit ad015e0
Showing 5 changed files with 272 additions and 58 deletions.
130 changes: 72 additions & 58 deletions packages/imperative/CHANGELOG.md
Expand Up @@ -2,6 +2,11 @@

All notable changes to the Imperative package will be documented in this file.

## Recent Changes

- Enhancement: Use the new SDK method `ConfigUtils.hasTokenExpired` to check whether a given JSON web token has expired. [#2298](https://github.com/zowe/zowe-cli/pull/2298)
- Enhancement: Use the new SDK method `ProfileInfo.hasTokenExpiredForProfile` to check whether the JSON web token has expired for a specified profile. [#2298](https://github.com/zowe/zowe-cli/pull/2298)

## `8.1.2`

- BugFix: Fixed issues flagged by Coverity [#2291](https://github.com/zowe/zowe-cli/pull/2291)
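
Review bot: The two new entries under "Recent Changes" are phrased as instructions ("Use the new SDK method ...") and do not state the return contract. Say that `ConfigUtils.hasTokenExpired` and `ProfileInfo.hasTokenExpiredForProfile` were added, and mention that a `false` result also covers a token that cannot be parsed or a payload without `exp` (as the unit tests in this commit assert), so a consumer reading only the changelog does not take `false` to mean the token is valid.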
Expand All @@ -24,16 +29,17 @@ All notable changes to the Imperative package will be documented in this file.
- Update: Final prerelease
- Update: See `5.27.1` for details


## `8.0.0-next.202408301809`

- LTS Breaking: Removed the following obsolete V1 profile classes/functions:

- `CliProfileManager`
- `CliUtils.getOptValueFromProfiles`
- `CommandProfiles`
- `ProfileValidator`

See [`8.0.0-next.202408271330`](#800-next202408271330) for replacements

- Next Breaking: Changed 2nd parameter of `CliUtils.getOptValuesFromConfig` method from type `ICommandDefinition` to `ICommandProfile`.
- Next Breaking: Renamed `ConfigSecure.secureFieldsForLayer` method to `securePropsForLayer`.
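
Review bot: The lines in this hunk, around the `8.0.0-next.202408301809` list, appear to change only blank lines and list spacing in an already released entry, and the later CHANGELOG.md hunks follow the same pattern. Consider moving that reformatting into a separate commit: the feature itself adds two changelog entries, yet the file shows 72 additions and 58 deletions, which makes the token-expiration change harder to review and to backport.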

Expand Down Expand Up @@ -213,6 +219,7 @@ All notable changes to the Imperative package will be documented in this file.
- BugFix: Updated debugging output for technical currency. [#2100](https://github.com/zowe/zowe-cli/pull/2100)

## `8.0.0-next.202403141949`

- LTS Breaking: Modified the @zowe/imperative SDK [#1703](https://github.com/zowe/zowe-cli/issues/1703)
- Renamed class ProfileIO to V1ProfileConversion.
- Removed the following obsolete V1 profile functions:
Expand Down Expand Up @@ -247,8 +254,11 @@ All notable changes to the Imperative package will be documented in this file.
- Enhancement: Replaced the term "Team configuration" with "Zowe client configuration" in the `zowe config report-env` command.

- LTS Breaking: [#1703](https://github.com/zowe/zowe-cli/issues/1703)

- Removed the following obsolete V1 profile interfaces:

- @zowe/cli-test-utils

- ISetupEnvironmentParms.createOldProfiles

- @zowe/imperative
Expand Down Expand Up @@ -277,16 +287,20 @@ All notable changes to the Imperative package will be documented in this file.
- IValidateProfileWithSchema

- Removed the following obsolete V1 profile classes/functions:

- @zowe/core-for-zowe-sdk

- File ProfileUtils.ts, which includes these functions:
- getDefaultProfile
- getZoweDir - moved to ProfileInfo.getZoweDir

- @zowe/cli-test-utils

- TempTestProfiles.forceOldProfiles
- TestUtils.stripProfileDeprecationMessages

- @zowe/imperative

- AbstractProfileManager
- Any remaining functions consolidated into CliProfileManager
- AbstractProfileManagerFactory
Expand Down Expand Up @@ -336,10 +350,11 @@ All notable changes to the Imperative package will be documented in this file.
- To detect if only V1 profiles exist, use ProfileInfo.onlyV1ProfilesExist

- @zowe/zos-uss-for-zowe-sdk
- SshBaseHandler
- Removed the unused, protected property ‘mSshProfile’
- SshBaseHandler
- Removed the unused, protected property ‘mSshProfile’

- Removed the following obsolete V1 profile constants:

- @zowe/imperative
- CoreMessages class
- createProfileCommandSummary
Expand Down Expand Up @@ -447,7 +462,6 @@ All notable changes to the Imperative package will be documented in this file.
- Enhancement: Added `name-only` alias to `root` on `config list` command [#1797](https://github.com/zowe/zowe-cli/issues/1797)
- BugFix: Resolved technical currency by updating `socks` transitive dependency


## `8.0.0-next.202401191954`

- LTS Breaking: Removed the following:
Expand Down Expand Up @@ -659,8 +673,8 @@ All notable changes to the Imperative package will be documented in this file.

- Enhancement: Added the function IO.giveAccessOnlyToOwner to restrict access to only the currently running user ID.
- Enhancement: Enable command arguments to change `{$Prefix}_EDITOR`. Updating IDiffOptions
to include names for the files that are to be compared. Updating IO.getDefaultTextEditor() for different os versions. Updating return value types for `CliUtils.readPrompt`. Changes made to support recent zowe cli work:
[zowe-cli#1672](https://github.com/zowe/zowe-cli/pull/1672)
to include names for the files that are to be compared. Updating IO.getDefaultTextEditor() for different os versions. Updating return value types for `CliUtils.readPrompt`. Changes made to support recent zowe cli work:
[zowe-cli#1672](https://github.com/zowe/zowe-cli/pull/1672)

## `5.13.2`

Expand Down Expand Up @@ -881,7 +895,7 @@ to include names for the files that are to be compared. Updating IO.getDefaultTe
## `5.1.0`

- Enhancement: Introduced flag `--show-inputs-only` to show the inputs of the command
that would be used if a command were executed.
that would be used if a command were executed.
- Enhancement: Added dark theme to web help that is automatically used when system-wide dark mode is enabled.
- BugFix: Fixed ProfileInfo API `argTeamConfigLoc` not recognizing secure fields in multi-layer operations. [#800](https://github.com/zowe/imperative/pull/800)
- BugFix: Fixed ProfileInfo API `updateKnownProperty` possibly storing information in the wrong location due to optional osLoc information. [#800](https://github.com/zowe/imperative/pull/800)
Expand Down Expand Up @@ -996,8 +1010,8 @@ that would be used if a command were executed.

- Enhancement: Replaced hidden `--dcd` option used by CommandProcessor in daemon mode with IDaemonResponse object.
- **Next Breaking**
- Changed the "args" type on the `Imperative.parse` method to allow a string array.
- Restructured the IDaemonResponse interface to provide information to CommandProcessor.
- Changed the "args" type on the `Imperative.parse` method to allow a string array.
- Restructured the IDaemonResponse interface to provide information to CommandProcessor.

## `5.0.0-next.202201061509`

Expand Down Expand Up @@ -1029,10 +1043,10 @@ that would be used if a command were executed.
## `5.0.0-next.202112132158`

- Enhancement: Added an environment variable to control whether or not sensitive data will be masked in the console output.<br/>
This behavior excludes any TRACE level logs for both, Imperative.log and AppName.log.<br/>
This behavior also excludes properties defined as secure by the plugin developers.<br/>
If the schema definition is not found, we will exclude the following properties: user, password, tokenValue, and keyPassphrase.<br/>
More information: [zowe/zowe-cli #1106](https://github.com/zowe/zowe-cli/issues/1106)
This behavior excludes any TRACE level logs for both, Imperative.log and AppName.log.<br/>
This behavior also excludes properties defined as secure by the plugin developers.<br/>
If the schema definition is not found, we will exclude the following properties: user, password, tokenValue, and keyPassphrase.<br/>
More information: [zowe/zowe-cli #1106](https://github.com/zowe/zowe-cli/issues/1106)

## `5.0.0-next.202112101814`

Expand All @@ -1048,7 +1062,7 @@ that would be used if a command were executed.
- Enhancement: Changed CLI prompt input to be hidden for properties designated as secure in team config. [zowe/zowe-cli#1106](https://github.com/zowe/zowe-cli/issues/1106)
- BugFix: Improved error message when Keytar module fails to load. [#27](https://github.com/zowe/imperative/issues/27)
- **Next Breaking**
- Removed the `ConfigProfiles.load` API method. Use the methods `ConfigLayers.find` and `ConfigSecure.securePropsForProfile` instead. [#568](https://github.com/zowe/imperative/issues/568)
- Removed the `ConfigProfiles.load` API method. Use the methods `ConfigLayers.find` and `ConfigSecure.securePropsForProfile` instead. [#568](https://github.com/zowe/imperative/issues/568)

## `5.0.0-next.202111301806`

Expand All @@ -1062,7 +1076,7 @@ that would be used if a command were executed.

- BugFix: Changed credentials to be stored securely by default for v1 profiles to be consistent with the experience for v2 profiles. [zowe/zowe-cli#1128](https://github.com/zowe/zowe-cli/issues/1128)
- **Next Breaking**
- Removed the `credentialServiceName` property from ImperativeConfig. The default credential manager uses the `name` property instead.
- Removed the `credentialServiceName` property from ImperativeConfig. The default credential manager uses the `name` property instead.

## `5.0.0-next.202111101806`

Expand All @@ -1073,12 +1087,12 @@ that would be used if a command were executed.

- Enhancement: Added `autoStore` property to config JSON files which defaults to true. When this property is enabled and the CLI prompts you to enter connection info, the values you enter will be saved to disk (or credential vault if they are secure) for future use. [zowe/zowe-cli#923](https://github.com/zowe/zowe-cli/issues/923)
- **Next Breaking**
- Changed the default behavior of `Config.set` so that it no longer coerces string values to other types unless the `parseString` option is true.
- Changed the default behavior of `Config.set` so that it no longer coerces string values to other types unless the `parseString` option is true.

## `5.0.0-next.202110201735`

- **LTS Breaking**
- Changed the return value of the public `PluginManagementFacility.requirePluginModuleCallback` function
- Changed the return value of the public `PluginManagementFacility.requirePluginModuleCallback` function
- BugFix: Updated the profiles list as soon as the plugin is installed.

## `5.0.0-next.202110191937`
Expand All @@ -1090,7 +1104,7 @@ that would be used if a command were executed.
- Enhancement: Added `config update-schemas [--depth <value>]` command. [zowe/zowe-cli#1059](https://github.com/zowe/zowe-cli/issues/1059)
- Enhancement: Added the ability to update the global schema file when installing a new plugin. [zowe/zowe-cli#1059](https://github.com/zowe/zowe-cli/issues/1059)
- **Next Breaking**
- Renamed public static function ConfigSchemas.loadProfileSchemas to ConfigSchemas.loadSchema
- Renamed public static function ConfigSchemas.loadProfileSchemas to ConfigSchemas.loadSchema

## `5.0.0-next.202110011948`

Expand Down Expand Up @@ -1129,13 +1143,13 @@ that would be used if a command were executed.
- Enhancement: Better support for comments in JSON
- Bugfix: Revert schema changes related to additionalProperties. Re-enable IntelliSense when editing zowe.config.json files
- **Next Breaking**
- Changed the schema paths and updated schema version
- Changed the schema paths and updated schema version

## `5.0.0-next.202106221817`

- **Next Breaking**
- Replaced --user with --user-config on all config command groups due to conflict with --user option during config auto-initialization
- Replaced --global with --global-config on all config command groups for consistency
- Replaced --user with --user-config on all config command groups due to conflict with --user option during config auto-initialization
- Replaced --global with --global-config on all config command groups for consistency

## `5.0.0-next.202106212048`

Expand All @@ -1144,16 +1158,16 @@ that would be used if a command were executed.
## `5.0.0-next.202106041929`

- **LTS Breaking**: Removed the following previously deprecated items:
- ICliLoadProfile.ICliILoadProfile -- use ICliLoadProfile.ICliLoadProfile
- IImperativeErrorParms.suppressReport -- has not been used since 10/17/2018
- IImperativeConfig.pluginBaseCliVersion -- has not been used since version 1.0.1
- AbstractRestClient.performRest -- use AbstractRestClient.request
- AbstractSession.HTTP_PROTOCOL -- use SessConstants.HTTP_PROTOCOL
- AbstractSession.HTTPS_PROTOCOL -- use SessConstants.HTTPS_PROTOCOL
- AbstractSession.TYPE_NONE -- use SessConstants.AUTH_TYPE_NONE
- AbstractSession.TYPE_BASIC -- use SessConstants.AUTH_TYPE_BASIC
- AbstractSession.TYPE_BEARER -- use SessConstants.AUTH_TYPE_BEARER
- AbstractSession.TYPE_TOKEN -- use SessConstants.AUTH_TYPE_TOKEN
- ICliLoadProfile.ICliILoadProfile -- use ICliLoadProfile.ICliLoadProfile
- IImperativeErrorParms.suppressReport -- has not been used since 10/17/2018
- IImperativeConfig.pluginBaseCliVersion -- has not been used since version 1.0.1
- AbstractRestClient.performRest -- use AbstractRestClient.request
- AbstractSession.HTTP_PROTOCOL -- use SessConstants.HTTP_PROTOCOL
- AbstractSession.HTTPS_PROTOCOL -- use SessConstants.HTTPS_PROTOCOL
- AbstractSession.TYPE_NONE -- use SessConstants.AUTH_TYPE_NONE
- AbstractSession.TYPE_BASIC -- use SessConstants.AUTH_TYPE_BASIC
- AbstractSession.TYPE_BEARER -- use SessConstants.AUTH_TYPE_BEARER
- AbstractSession.TYPE_TOKEN -- use SessConstants.AUTH_TYPE_TOKEN

## `5.0.0-next.202104262004`

Expand All @@ -1167,14 +1181,14 @@ that would be used if a command were executed.
## `5.0.0-next.202104071400`

- Enhancement: Add the ProfileInfo API to provide the following functionality:
- Read configuration from disk.
- Transparently read either a new team configuration or old style profiles.
- Resolve order of precedence for profile argument values.
- Provide information to enable callers to prompt for missing profile arguments.
- Retain the location in which a profile or argument was found.
- Automatically initialize CredentialManager, including an option to specify a custom keytar module.
- Provide a means to postpone the loading of secure arguments until specifically requested by the calling app to delay loading sensitive data until it is needed.
- Provide access to the lower-level Config API to fully manipulate the team configuration file.
- Read configuration from disk.
- Transparently read either a new team configuration or old style profiles.
- Resolve order of precedence for profile argument values.
- Provide information to enable callers to prompt for missing profile arguments.
- Retain the location in which a profile or argument was found.
- Automatically initialize CredentialManager, including an option to specify a custom keytar module.
- Provide a means to postpone the loading of secure arguments until specifically requested by the calling app to delay loading sensitive data until it is needed.
- Provide access to the lower-level Config API to fully manipulate the team configuration file.

## `5.0.0-next.202103111923`

Expand All @@ -1199,7 +1213,7 @@ that would be used if a command were executed.

## `5.0.0-next.202010161240`

- Enhancement: Allow process exit code to be passed to daemon clients.
- Enhancement: Allow process exit code to be passed to daemon clients.

## `5.0.0-next.202009251501`

Expand Down Expand Up @@ -1377,25 +1391,25 @@ that would be used if a command were executed.
- Add the --dd flag to profile creation to allow the profile to be created without the default values specified for that profile.
- Use a token for authentication if a token is present in the underlying REST session object.
- Added a new ConnectionPropsForSessCfg.addPropsOrPrompt function that places credentials (including a possible token) into a session configuration object.
- Plugins must use this function to create their sessions to gain the features of automatic token-handling and prompting for missing connection options.
- Connection information is obtained from the command line, environment variables, a service profile, a base profile, or from an option's default value in a service profile's definition, in that order.
- If key connection information is not supplied to any cor Zowe command, the command will prompt for:
- host
- port
- user
- and password
- Any prompt will timeout after 30 seconds so that it will not hang an automated script.
- Plugins must use this function to create their sessions to gain the features of automatic token-handling and prompting for missing connection options.
- Connection information is obtained from the command line, environment variables, a service profile, a base profile, or from an option's default value in a service profile's definition, in that order.
- If key connection information is not supplied to any cor Zowe command, the command will prompt for:
- host
- port
- user
- and password
- Any prompt will timeout after 30 seconds so that it will not hang an automated script.
- Add base profiles, a new type of profile which can store values shared between profiles of other types.
- The properties that are currently recognized in a base profile are:
- host
- port
- user
- password
- rejectUnauthorized
- tokenType
- tokenValue
- To use base profiles in an Imperative-based CLI, define a `baseProfile` schema on your Imperative configuration object.
- If the `baseProfile` schema is defined, base profile support will be added to any command that uses profiles.
- The properties that are currently recognized in a base profile are:
- host
- port
- user
- password
- rejectUnauthorized
- tokenType
- tokenValue
- To use base profiles in an Imperative-based CLI, define a `baseProfile` schema on your Imperative configuration object.
- If the `baseProfile` schema is defined, base profile support will be added to any command that uses profiles.
- Due to new options (like tokenValue) help text will change. Plugin developers may have to update any mismatched snapshots in their automated tests.
- Updated the version of TypeScript from 3.7.4 to 3.8.0.
- Updated the version of TSLint from 5.x to 6.1.2.
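
Review bot: The re-indented line "If key connection information is not supplied to any cor Zowe command" still carries the typo "cor". Since this hunk rewrites that line anyway, correct it to "core" in the same change, or leave the whole block untouched so the diff stays limited to the feature.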
Expand Down
34 changes: 34 additions & 0 deletions packages/imperative/src/config/__tests__/ConfigUtils.unit.test.ts
Expand Up @@ -366,4 +366,38 @@ describe("Config Utils", () => {
expect(writeFileSyncMock).toHaveBeenCalled();
});
});

describe("hasTokenExpired", () => {
it("returns false if an error occurred during parsing", async () => {
const jsonParseSpy = jest.spyOn(JSON, "parse").mockImplementation(() => {
throw new Error("Unknown error while parsing JSON");
});
expect(ConfigUtils.hasTokenExpired("HEADER.PAYLOAD.SIGNATURE")).toBe(false);
expect(jsonParseSpy).toHaveBeenCalled();
});

it("returns true if a JWT token is present and has expired", async () => {
const jsonParseSpy = jest.spyOn(JSON, "parse").mockReturnValue({
exp: 1000000000,
});
expect(ConfigUtils.hasTokenExpired("HEADER.PAYLOAD.SIGNATURE")).toBe(true);
expect(jsonParseSpy).toHaveBeenCalled();
});

it("returns false if a JWT payload can be parsed, but doesn't contain the exp property", async () => {
const jsonParseSpy = jest.spyOn(JSON, "parse").mockReturnValue({
iat: 1000000000,
});
expect(ConfigUtils.hasTokenExpired("HEADER.PAYLOAD.SIGNATURE")).toBe(false);
expect(jsonParseSpy).toHaveBeenCalled();
});

it("returns false if a JWT token is present and has not expired", async () => {
const jsonParseSpy = jest.spyOn(JSON, "parse").mockReturnValue({
exp: 5000000000,
});
expect(ConfigUtils.hasTokenExpired("HEADER.PAYLOAD.SIGNATURE")).toBe(false);
expect(jsonParseSpy).toHaveBeenCalled();
});
});
});
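
Review bot: None of the four `hasTokenExpired` tests restores its `jest.spyOn(JSON, "parse")` mock in the visible lines, and because every case stubs `JSON.parse` while passing the literal "HEADER.PAYLOAD.SIGNATURE", the step that decodes the payload segment is never exercised. Add an `afterEach` that restores the spy (or call `mockRestore()` in each test), and include at least one case that builds a real encoded payload carrying `exp`, plus one malformed input such as a token with fewer than three segments. The first test also pins `false` for a parse failure, so a caller cannot tell "not expired" from "could not determine"; document that on the method, and note there that it takes only the token string, so it reads unverified claims and is a convenience check rather than validation. The `async` keyword on these callbacks is unused, since nothing is awaited.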