diff --git a/apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts b/apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts index 8d218b31cd26..6b40704775ec 100644 --- a/apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts +++ b/apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts @@ -33,8 +33,15 @@ import { DelegationAdminScopes } from '@island.is/auth/scopes' import { isDefined } from '@island.is/shared/utils' const namespace = '@island.is/auth/delegation-admin' + const ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE = - process.env.ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE ?? '' + process.env.ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE + +if (!ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE) { + throw new Error( + 'Environment variable ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE must be set', + ) +} @UseGuards(IdsUserGuard, ScopesGuard) @ApiTags('delegation-admin') @@ -100,12 +107,12 @@ export class DelegationAdminController { @UseGuards(ZendeskAuthGuard(ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE)) @Post('/zendesk') @Documentation({ - response: { status: 200, type: DelegationDTO }, + response: { status: 200 }, }) - createByZendeskId( + async createByZendeskId( @Body() { id }: ZendeskWebhookInputDto, - ): Promise { - return this.delegationAdminService.createDelegationByZendeskId(id) + ): Promise { + await this.delegationAdminService.createDelegationByZendeskId(id) } @Delete(':delegationId') diff --git a/libs/auth-api-lib/src/lib/delegations/admin/delegation-admin-custom.service.ts b/libs/auth-api-lib/src/lib/delegations/admin/delegation-admin-custom.service.ts index 9da454cb1df2..bf7d213c1a56 100644 --- a/libs/auth-api-lib/src/lib/delegations/admin/delegation-admin-custom.service.ts +++ b/libs/auth-api-lib/src/lib/delegations/admin/delegation-admin-custom.service.ts 
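Review bot: The new `if (!ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE)` check sits at module scope, so it throws while the controller file is being imported, and nothing in the hunk documents why. Failing closed is the right behaviour, but it duplicates the check this commit adds inside `ZendeskAuthGuard`, which the `@UseGuards(ZendeskAuthGuard(...))` decorator also evaluates at class-definition time. I would keep one of the two and put the reason next to it, e.g. `// Fail closed: with an empty key the webhook HMAC can be computed by anyone, so refuse to start.` If both stay, the guard's generic 'Signing secret must be set' message never surfaces for this controller, because the module-level throw fires first.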
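Review bot: `createByZendeskId` has no doc comment saying how the endpoint is authenticated. That matters because the class-level `@UseGuards(IdsUserGuard, ScopesGuard)` shown in the first hunk would normally run for this handler in addition to `ZendeskAuthGuard`. The decorators above `@UseGuards(ZendeskAuthGuard(...))` are outside the hunk, so I cannot tell whether a bypass is applied. Either way, a TSDoc line such as `/** Zendesk webhook; authenticated by the signature check in ZendeskAuthGuard, replies 200 with an empty body. */` would state the intent. It would also record that dropping `DelegationDTO` from the response is deliberate.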
@@ -153,7 +153,7 @@ export class DelegationAdminCustomService { } } - async createDelegationByZendeskId(zendeskId: string): Promise { + async createDelegationByZendeskId(zendeskId: string): Promise { const zendeskCase = await this.zendeskService.getTicket(zendeskId) const { fromReferenceId, toReferenceId, validTo, createdByNationalId } = @@ -168,15 +168,13 @@ export class DelegationAdminCustomService { this.verifyZendeskTicket(zendeskCase, fromReferenceId, toReferenceId) - const newDelegation = await this.insertDelegation({ + await this.insertDelegation({ fromNationalId: fromReferenceId, toNationalId: toReferenceId, referenceId: zendeskId, validTo: this.formatZendeskDate(validTo), createdBy: createdByNationalId, }) - - return newDelegation.toDTO(AuthDelegationType.GeneralMandate) } async createDelegation( @@ -352,6 +350,13 @@ export class DelegationAdminCustomService { const [day, month, year] = date.split('.').map(Number) + if (!day || !month || !year || isNaN(day) || isNaN(month) || isNaN(year)) { + throw new BadRequestException({ + message: 'Invalid date format in Zendesk ticket', + error: ErrorCodes.INVALID_DATE_FORMAT, + }) + } + return new Date(year, month - 1, day) } } diff --git a/libs/auth-nest-tools/src/lib/zendeskAuth.guard.ts b/libs/auth-nest-tools/src/lib/zendeskAuth.guard.ts index 834d0fa2feae..649b2bb90392 100644 --- a/libs/auth-nest-tools/src/lib/zendeskAuth.guard.ts +++ b/libs/auth-nest-tools/src/lib/zendeskAuth.guard.ts @@ -4,7 +4,13 @@ import * as crypto from 'crypto' const SIGNING_SECRET_ALGORITHM = 'sha256' -export function ZendeskAuthGuard(signingSecret: string): Type { +export function ZendeskAuthGuard( + signingSecret: string | undefined, +): Type { + if (!signingSecret) { + throw new Error('Signing secret must be set') + } + @Injectable() class ZendeskAuthGuardMixin implements CanActivate { canActivate(context: ExecutionContext): boolean { 
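Review bot: The check added in the `@@ -352,6 +350,13 @@` hunk rejects missing or non-numeric parts but still lets out-of-range values through. `new Date(year, month - 1, day)` rolls `31.02.2025` over into March and maps a two-digit year into the 1900s, so a mistyped ticket field silently becomes a different `validTo` on the delegation. Building the date first and comparing its fields back to the parsed numbers closes that gap. It also makes the `isNaN` calls unnecessary; they are already redundant because `NaN` is falsy. The function starts above the hunk, so any earlier format check is not visible here.

```typescript
    const [day, month, year] = date.split('.').map(Number)
    const parsed = new Date(year, month - 1, day)

    // Reject NaN parts and values the Date constructor would silently roll over (e.g. 31.02).
    if (
      Number.isNaN(parsed.getTime()) ||
      parsed.getFullYear() !== year ||
      parsed.getMonth() !== month - 1 ||
      parsed.getDate() !== day
    ) {
      // … unchanged: throw BadRequestException with ErrorCodes.INVALID_DATE_FORMAT …
    }

    return parsed
```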
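Review bot: In the `zendeskAuth.guard.ts` hunk, the `if (!signingSecret)` guard narrows the parameter only in the factory's own scope, which is why the following hunk needs `signingSecret as string` inside `isValidSignature`. Binding the checked value once, `const secret: string = signingSecret`, right after the throw and using `secret` in the class removes the assertion and keeps the compiler checking the type. The factory would also benefit from a one-line TSDoc stating that it throws when the secret is unset or empty, and that this happens when the decorator is evaluated rather than per request.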
@@ -20,13 +26,16 @@ export function ZendeskAuthGuard(signingSecret: string): Type { return this.isValidSignature(signature, body, timestamp) } - + isValidSignature( signature: string, body: string, timestamp: string, ): boolean { - const hmac = crypto.createHmac(SIGNING_SECRET_ALGORITHM, signingSecret) + const hmac = crypto.createHmac( + SIGNING_SECRET_ALGORITHM, + signingSecret as string, + ) const sig = hmac.update(timestamp + body).digest('base64') return Buffer.compare(Buffer.from(signature), Buffer.from(sig)) === 0 diff --git a/libs/shared/utils/src/lib/errorCodes.ts b/libs/shared/utils/src/lib/errorCodes.ts index d0ec30392c07..54ed91b8d870 100644 --- a/libs/shared/utils/src/lib/errorCodes.ts +++ b/libs/shared/utils/src/lib/errorCodes.ts @@ -5,4 +5,5 @@ export enum ErrorCodes { ZENDESK_STATUS = 'ZENDESK_STATUS', INPUT_VALIDATION_SAME_NATIONAL_ID = 'INPUT_VALIDATION_SAME_NATIONAL_ID', INPUT_VALIDATION_INVALID_PERSON = 'INPUT_VALIDATION_INVALID_PERSON', + INVALID_DATE_FORMAT = 'INVALID_DATE_FORMAT', }
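Review bot: `isValidSignature` still ends with `Buffer.compare(Buffer.from(signature), Buffer.from(sig)) === 0`, which is not a constant-time comparison and so is the wrong primitive for a MAC check. Node's `crypto.timingSafeEqual` is meant for this, but it throws on unequal lengths, so compare lengths first: `const given = Buffer.from(signature); const expected = Buffer.from(sig)` followed by `return given.length === expected.length && crypto.timingSafeEqual(given, expected)`. Separately, the visible lines only feed `timestamp` into the HMAC. If `canActivate`, which is mostly outside the hunk, does not reject old timestamps, a previously signed request would remain acceptable indefinitely.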