refactor: remove lodash dependency (panva#743)

.github/workflows/test.yml

@@ -33,7 +33,7 @@ jobs:
           - 10
           - 12.0.0
           - 12
-          - 13.0.0
+          - 13.7.0
           - 13
           - 14.0.0
           - 14

certification/oidc.js

@@ -2,7 +2,6 @@
 
 const path = require('path');
 
-const set = require('lodash/set');
 const render = require('koa-ejs');
 const helmet = require('koa-helmet');
 
@@ -67,8 +66,8 @@ let server;
 
   if (process.env.NODE_ENV === 'production') {
     provider.proxy = true;
-    set(configuration, 'cookies.short.secure', true);
-    set(configuration, 'cookies.long.secure', true);
+    configuration.cookies.short.secure = true;
+    configuration.cookies.long.secure = true;
 
     provider.use(async (ctx, next) => {
       if (ctx.secure) {

docs/README.md

@@ -1065,7 +1065,7 @@ Enables Token Introspection features
 _**default value**_:
 ```js
 {
-  allowedPolicy: [AsyncFunction: allowedPolicy], // see expanded details below
+  allowedPolicy: [AsyncFunction: introspectionAllowedPolicy], // see expanded details below
   enabled: false
 }
 ```
@@ -1080,7 +1080,7 @@ Helper function used to determine whether the client/RS (client argument) is all
 
 _**default value**_:
 ```js
-async function allowedPolicy(ctx, client, token) {
+async function introspectionAllowedPolicy(ctx, client, token) {
   if (client.introspectionEndpointAuthMethod === 'none' && token.clientId !== ctx.oidc.client.clientId) {
     return false;
   }
@@ -1611,7 +1611,7 @@ Enables the use of `resource` parameter for the authorization and token endpoint
 _**default value**_:
 ```js
 {
-  allowedPolicy: [AsyncFunction: allowedPolicy], // see expanded details below
+  allowedPolicy: [AsyncFunction: resourceIndicatorsAllowedPolicy], // see expanded details below
   enabled: false
 }
 ```
@@ -1676,7 +1676,7 @@ _**recommendation**_: Only allow pre-registered resource values, to pre-register
 
 _**default value**_:
 ```js
-async function allowedPolicy(ctx, resources, client) {
+async function resourceIndicatorsAllowedPolicy(ctx, resources, client) {
   return true;
 }
 ```
@@ -1711,7 +1711,7 @@ _**default value**_:
 {
   enabled: false,
   keepHeaders: false,
-  scriptNonce: [Function: scriptNonce] // see expanded details below
+  scriptNonce: [Function: sessionManagementScriptNonce] // see expanded details below
 }
 ```
 
@@ -1737,7 +1737,7 @@ When using `nonce-{random}` CSP policy use this helper function to resolve a non
 
 _**default value**_:
 ```js
-function scriptNonce(ctx) {
+function sessionManagementScriptNonce(ctx) {
   return undefined;
 }
 ```
@@ -1771,7 +1771,7 @@ _**default value**_:
 ```js
 {
   enabled: false,
-  scriptNonce: [Function: scriptNonce] // see expanded details below
+  scriptNonce: [Function: webMessageResponseModeScriptNonce] // see expanded details below
 }
 ```
 
@@ -1785,7 +1785,7 @@ When using `nonce-{random}` CSP policy use this helper function to resolve a non
 
 _**default value**_:
 ```js
-function scriptNonce(ctx) {
+function webMessageResponseModeScriptNonce(ctx) {
   return undefined;
 }
 ```
@@ -2105,7 +2105,7 @@ validator function that will be executed in order once for every property define
 
 _**default value**_:
 ```js
-function validator(key, value, metadata, ctx) {
+function extraClientMetadataValidator(key, value, metadata, ctx) {
   // @param key - the client metadata property name
   // @param value - the property value
   // @param metadata - the current accumulated client metadata
@@ -2709,7 +2709,7 @@ Function used to determine where to redirect User-Agent for necessary interactio
 
 _**default value**_:
 ```js
-async function url(ctx, interaction) {
+async function interactionsUrl(ctx, interaction) {
   return `/interaction/${ctx.oidc.uid}`;
 }
 ```
@@ -2832,7 +2832,7 @@ Configures if and when the OP requires clients to use PKCE. This helper is calle
 
 _**default value**_:
 ```js
-function required(ctx, client) {
+function pkceRequired(ctx, client) {
   return client.applicationType === 'native';
 }
 ```
@@ -3061,7 +3061,7 @@ _**default value**_:
   ClientCredentials: 600,
   DeviceCode: 600,
   IdToken: 3600,
-  RefreshToken: function RefreshToken(ctx, token, client) {
+  RefreshToken: function RefreshTokenTTL(ctx, token, client) {
     if (
       ctx && ctx.oidc.entities.RotatedRefreshToken
       && client.applicationType === 'web'

docs/update-configuration.js

@@ -4,11 +4,11 @@ const { createInterface: readline } = require('readline');
 const { inspect } = require('util');
 const { createReadStream, writeFileSync, readFileSync } = require('fs');
 
-const get = require('lodash/get');
-const words = require('lodash/words');
+const get = require('lodash/get'); // eslint-disable-line import/no-extraneous-dependencies
+const words = require('lodash/words'); // eslint-disable-line import/no-extraneous-dependencies
 
 const docs = require('../lib/helpers/docs');
-const values = require('../lib/helpers/defaults');
+const values = require('../lib/helpers/defaults')();
 
 values.ttl.RefreshToken[inspect.custom] = () => (
   values.ttl.RefreshToken.toString()

example/routes/koa.js

@@ -8,7 +8,7 @@ const isEmpty = require('lodash/isEmpty');
 const bodyParser = require('koa-body');
 const Router = require('koa-router');
 
-const { renderError } = require('../../lib/helpers/defaults'); // make your own, you'll need it anyway
+const { renderError } = require('../../lib/helpers/defaults')(); // make your own, you'll need it anyway
 const Account = require('../support/account');
 
 const keys = new Set();

lib/actions/authorization/assign_claims.js

@@ -1,19 +1,11 @@
-const merge = require('lodash/merge');
-
+const merge = require('../../helpers/_/merge');
 const instance = require('../../helpers/weak_cache');
 
 /*
- * If claims parameter is provided and supported handles its validation
- * - should not be combined with rt none
- * - should be JSON serialized object with id_token or userinfo properties as objects
- * - claims.userinfo should not be used if authorization result is not access_token
- *
  * Merges requested claims with auth_time as requested if max_age is provided or require_auth_time
  * is configured for the client.
  *
  * Merges requested claims with acr as requested if acr_values is provided
- *
- * @throws: invalid_request
  */
 module.exports = function assignClaims(ctx, next) {
   const { params } = ctx.oidc;
@@ -22,6 +14,7 @@ module.exports = function assignClaims(ctx, next) {
     ctx.oidc.claims = JSON.parse(params.claims);
   }
 
+  // TODO: add test for auth_time being present in the ID Token for these cases
   if (params.max_age !== undefined || ctx.oidc.client.requireAuthTime || ctx.oidc.prompts.has('login')) {
     merge(ctx.oidc.claims, { id_token: { auth_time: { essential: true } } });
   }

lib/actions/authorization/check_claims.js

@@ -1,7 +1,6 @@
-const isPlainObject = require('lodash/isPlainObject');
-
 const { InvalidRequest } = require('../../helpers/errors');
 const instance = require('../../helpers/weak_cache');
+const isPlainObject = require('../../helpers/_/is_plain_object');
 
 /*
  * If claims parameter is provided and supported handles its validation

lib/actions/authorization/check_scope.js

@@ -1,5 +1,3 @@
-const pull = require('lodash/pull');
-
 const instance = require('../../helpers/weak_cache');
 const { InvalidScope } = require('../../helpers/errors');
 const { DYNAMIC_SCOPE_LABEL } = require('../../consts');
@@ -57,7 +55,7 @@ module.exports = function checkScope(PARAM_LIST, ctx, next) {
       || !prompts.has('consent')
       || !client.grantTypeAllowed('refresh_token')
     ) {
-      pull(scopes, 'offline_access');
+      scopes.splice(scopes.indexOf('offline_access'), 1);
     }
   }
 

lib/actions/authorization/device_user_flow_response.js

@@ -1,4 +1,3 @@
-const has = require('lodash/has');
 const debug = require('debug')('oidc-provider:authentication:success');
 
 const instance = require('../../helpers/weak_cache');
@@ -29,7 +28,7 @@ module.exports = async function deviceVerificationResponse(ctx, next) {
     ctx.oidc.session.authorizationFor(ctx.oidc.client.clientId).persistsLogout = true;
   }
 
-  if (ctx.oidc.client.includeSid() || has(ctx.oidc.claims, 'id_token.sid')) {
+  if (ctx.oidc.client.includeSid() || (ctx.oidc.claims.id_token && 'sid' in ctx.oidc.claims.id_token)) {
     code.sid = ctx.oidc.session.sidFor(ctx.oidc.client.clientId);
   }
 

lib/actions/authorization/interactions.js

@@ -1,13 +1,12 @@
 const url = require('url');
 
-const camelCase = require('lodash/camelCase');
-const assign = require('lodash/assign');
-const upperFirst = require('lodash/upperFirst');
 const Debug = require('debug');
 
 const started = new Debug('oidc-provider:authentication:interrupted');
 const accepted = new Debug('oidc-provider:authentication:accepted');
 
+const upperFirst = require('../../helpers/_/upper_first');
+const camelCase = require('../../helpers/_/camel_case');
 const ssHandler = require('../../helpers/samesite_handler');
 const errors = require('../../helpers/errors');
 const instance = require('../../helpers/weak_cache');
@@ -35,11 +34,11 @@ module.exports = async function interactions(resumeRouteName, ctx, next) {
     }))).filter(Boolean);
 
     if (results.length) {
-      results = assign({}, ...results);
+      results = Object.assign({}, ...results);
       prompt = {
         name,
         reasons: Object.keys(results),
-        details: assign(
+        details: Object.assign(
           {},
           await promptDetails(ctx),
           ...Object.values(results).map((r) => r.details),

lib/actions/authorization/process_request_object.js

@@ -1,9 +1,7 @@
-const isPlainObject = require('lodash/isPlainObject');
-const assign = require('lodash/assign');
-
 const JWT = require('../../helpers/jwt');
 const instance = require('../../helpers/weak_cache');
 const { InvalidRequest, InvalidRequestObject, OIDCProviderError } = require('../../helpers/errors');
+const isPlainObject = require('../../helpers/_/is_plain_object');
 
 const checkResponseMode = require('./check_response_mode');
 
@@ -203,7 +201,7 @@ module.exports = async function processRequestObject(PARAM_LIST, rejectDupesMidd
   switch (conf('features.requestObjects.mergingStrategy.name')) {
     case 'lax':
       // use all values from OAuth 2.0 unless they're in the Request Object
-      assign(params, request);
+      Object.assign(params, request);
       break;
     case 'strict':
       Object.keys(params).forEach((key) => {

lib/actions/authorization/process_response_types.js

@@ -1,6 +1,3 @@
-const get = require('lodash/get');
-const has = require('lodash/has');
-
 const instance = require('../../helpers/weak_cache');
 
 async function tokenHandler(ctx) {
@@ -67,7 +64,7 @@ async function codeHandler(ctx) {
     ctx.oidc.session.authorizationFor(ctx.oidc.client.clientId).persistsLogout = true;
   }
 
-  if (ctx.oidc.client.includeSid() || has(ctx.oidc.claims, 'id_token.sid')) {
+  if (ctx.oidc.client.includeSid() || (ctx.oidc.claims.id_token && 'sid' in ctx.oidc.claims.id_token)) {
     code.sid = ctx.oidc.session.sidFor(ctx.oidc.client.clientId);
   }
 
@@ -82,8 +79,8 @@ async function codeHandler(ctx) {
 
 async function idTokenHandler(ctx) {
   const tokenClaims = ctx.oidc.resolvedClaims();
-  const claims = get(tokenClaims, 'id_token', {});
-  const rejected = get(tokenClaims, 'rejected', []);
+  const claims = tokenClaims.id_token || {};
+  const rejected = tokenClaims.rejected || [];
   const idToken = new ctx.oidc.provider.IdToken({
     ...await ctx.oidc.account.claims('id_token', ctx.oidc.acceptedScope(), claims, rejected),
     acr: ctx.oidc.acr,
@@ -110,7 +107,7 @@ async function idTokenHandler(ctx) {
 
   idToken.set('nonce', ctx.oidc.params.nonce);
 
-  if (ctx.oidc.client.includeSid() || has(ctx.oidc.claims, 'id_token.sid')) {
+  if (ctx.oidc.client.includeSid() || (ctx.oidc.claims.id_token && 'sid' in ctx.oidc.claims.id_token)) {
     idToken.set('sid', ctx.oidc.session.sidFor(ctx.oidc.client.clientId));
   }
 

lib/actions/authorization/resume.js

@@ -1,9 +1,8 @@
 const url = require('url');
 
-const upperFirst = require('lodash/upperFirst');
-const camelCase = require('lodash/camelCase');
-const isObjectLike = require('lodash/isObjectLike');
-
+const upperFirst = require('../../helpers/_/upper_first');
+const isPlainObject = require('../../helpers/_/is_plain_object');
+const camelCase = require('../../helpers/_/camel_case');
 const nanoid = require('../../helpers/nanoid');
 const errors = require('../../helpers/errors');
 const instance = require('../../helpers/weak_cache');
@@ -132,7 +131,7 @@ module.exports = async function resumeAction(whitelist, resumeRouteName, ctx, ne
     session.promptedClaimsFor(params.client_id, ctx.oidc.requestParamClaims);
   }
 
-  if (result && isObjectLike(result.meta)) {
+  if (result && isPlainObject(result.meta)) {
     session.metaFor(params.client_id, result.meta);
   }
 

lib/actions/discovery.js

@@ -1,7 +1,6 @@
 /* eslint-disable max-len */
 
-const defaults = require('lodash/defaults');
-
+const defaults = require('../helpers/_/defaults');
 const instance = require('../helpers/weak_cache');
 const { DYNAMIC_SCOPE_LABEL } = require('../consts');
 

lib/actions/grants/authorization_code.js

@@ -1,4 +1,3 @@
-const get = require('lodash/get');
 const uidToGrantId = require('debug')('oidc-provider:uid');
 
 const { InvalidGrant } = require('../../helpers/errors');
@@ -153,8 +152,8 @@ module.exports.handler = async function authorizationCodeHandler(ctx, next) {
 
   let idToken;
   if (code.scopes.has('openid')) {
-    const claims = get(code, 'claims.id_token', {});
-    const rejected = get(code, 'claims.rejected', []);
+    const claims = (code.claims && code.claims.id_token) || {};
+    const rejected = (code.claims && code.claims.rejected) || [];
     const token = new IdToken({
       ...await account.claims('id_token', code.scope, claims, rejected),
       acr: code.acr,

lib/actions/grants/device_code.js

@@ -1,8 +1,8 @@
-const camelCase = require('lodash/camelCase');
-const get = require('lodash/get');
-const upperFirst = require('lodash/upperFirst');
 const uidToGrantId = require('debug')('oidc-provider:uid');
 
+const get = require('../../helpers/_/get');
+const upperFirst = require('../../helpers/_/upper_first');
+const camelCase = require('../../helpers/_/camel_case');
 const errors = require('../../helpers/errors');
 const presence = require('../../helpers/validate_presence');
 const instance = require('../../helpers/weak_cache');

lib/actions/grants/refresh_token.js

@@ -1,8 +1,7 @@
-const difference = require('lodash/difference');
-const isEmpty = require('lodash/isEmpty');
-const get = require('lodash/get');
 const uidToGrantId = require('debug')('oidc-provider:uid');
 
+const get = require('../../helpers/_/get');
+const difference = require('../../helpers/_/difference');
 const { InvalidGrant, InvalidScope } = require('../../helpers/errors');
 const presence = require('../../helpers/validate_presence');
 const instance = require('../../helpers/weak_cache');
@@ -63,7 +62,7 @@ module.exports.handler = async function refreshTokenHandler(ctx, next) {
     const requested = ctx.oidc.params.scope.split(' ');
     const missing = difference(requested, refreshTokenScopes);
 
-    if (!isEmpty(missing)) {
+    if (missing.length !== 0) {
       throw new InvalidScope(`refresh token missing requested ${formatters.pluralize('scope', missing.length)}`, missing.join(' '));
     }
   }