duo_web 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7c058b1950046167876439b51f1704b6352f255e
-  data.tar.gz: cb1a60d911a9874e70eefcadb16a4273e339d8f9
+  metadata.gz: 0eb13447a3aed9e9be7a8073b18a54781e174f06
+  data.tar.gz: 952d88272d0e26fe20d254f4f025ba792015c6d2
 SHA512:
-  metadata.gz: c57215b09fc5cc0135347425b65016e8b086962302677faaa12ca09d0c2481f9208228e8a96959ec1fff010dd79e980800dd30ed8223b830bc547603a3ba0d82
-  data.tar.gz: c2733a950b847ab7e66e330d8207d0d64d1676b76cc5a5add8fe4bb0893d98f6a6c2b75e4ed6fe8f6a3a6cd8e18f0f13ac34c778869017cab31cf60452ef157b
+  metadata.gz: d19b8967b13c7a248157d398f57bf428aa2dc01c4159fc07750a99a2ba84f34fa06f8f1bd725518db1ce99b5e5bca3c5328fcac2b7be09a5ecbab443a97bbd79
+  data.tar.gz: b27b8828147e8f8ee78b9dddb22ee5ca80757f53afea04d4ae22a970e15fd795132bd46160e40449907291107b3691f90214b6c391df438993c03a5231a5ce03

data/js/Duo-Web-v2.js

@@ -1,14 +1,41 @@
 /**
  * Duo Web SDK v2
- * Copyright 2015, Duo Security
+ * Copyright 2019, Duo Security
  */
-window.Duo = (function(document, window) {
+
+(function (root, factory) {
+    /*eslint-disable */
+    if (typeof define === 'function' && define.amd) {
+        // AMD. Register as an anonymous module.
+        define([], factory);
+    /*eslint-enable */
+    } else if (typeof module === 'object' && module.exports) {
+        // Node. Does not work with strict CommonJS, but
+        // only CommonJS-like environments that support module.exports,
+        // like Node.
+        module.exports = factory();
+    } else {
+        // Browser globals (root is window)
+        var Duo = factory();
+        // If the Javascript was loaded via a script tag, attempt to autoload
+        // the frame.
+        Duo._onReady(Duo.init);
+
+        // Attach Duo to the `window` object
+        root.Duo = Duo;
+  }
+}(this, function() {
     var DUO_MESSAGE_FORMAT = /^(?:AUTH|ENROLL)+\|[A-Za-z0-9\+\/=]+\|[A-Za-z0-9\+\/=]+$/;
     var DUO_ERROR_FORMAT = /^ERR\|[\w\s\.\(\)]+$/;
-
-    var iframeId = 'duo_iframe',
-        postAction = '',
-        postArgument = 'sig_response',
+    var DUO_OPEN_WINDOW_FORMAT = /^DUO_OPEN_WINDOW\|/;
+    var VALID_OPEN_WINDOW_DOMAINS = [
+        'duo.com',
+        'duosecurity.com',
+        'duomobile.s3-us-west-1.amazonaws.com'
+    ];
+
+    var postAction,
+        postArgument,
         host,
         sigRequest,
         duoSig,
@@ -16,7 +43,30 @@ window.Duo = (function(document, window) {
         iframe,
         submitCallback;
 
-    function throwError(message, url) {
+    // We use this function instead of setting initial values in the var
+    // declarations to make sure the initial values and subsequent
+    // re-initializations are always the same.
+    initializeStatefulVariables();
+
+    /**
+     * Set local variables to whatever they should be before you call init().
+     */
+    function initializeStatefulVariables() {
+        postAction = '';
+        postArgument = 'sig_response';
+        host = undefined;
+        sigRequest = undefined;
+        duoSig = undefined;
+        appSig = undefined;
+        iframe = undefined;
+        submitCallback = undefined;
+    }
+
+    function throwError(message, givenUrl) {
+        var url = (
+            givenUrl ||
+            'https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe'
+        );
         throw new Error(
             'Duo Web SDK error: ' + message +
             (url ? ('\n' + 'See ' + url + ' for more information') : '')
@@ -90,8 +140,7 @@ window.Duo = (function(document, window) {
         if (sig.indexOf(':') === -1 || sig.split(':').length !== 2) {
             throwError(
                 'Duo was given a bad token.  This might indicate a configuration ' +
-                'problem with one of Duo\'s client libraries.',
-                'https://www.duosecurity.com/docs/duoweb#first-steps'
+                'problem with one of Duo\'s client libraries.'
             );
         }
 
@@ -109,30 +158,6 @@ window.Duo = (function(document, window) {
         };
     }
 
-    /**
-     * This function is set up to run when the DOM is ready, if the iframe was
-     * not available during `init`.
-     */
-    function onDOMReady() {
-        iframe = document.getElementById(iframeId);
-
-        if (!iframe) {
-            throw new Error(
-                'This page does not contain an iframe for Duo to use.' +
-                'Add an element like <iframe id="duo_iframe"></iframe> ' +
-                'to this page.  ' +
-                'See https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe ' +
-                'for more information.'
-            );
-        }
-
-        // we've got an iframe, away we go!
-        ready();
-
-        // always clean up after yourself
-        offReady(onDOMReady);
-    }
-
     /**
      * Validate that a MessageEvent came from the Duo service, and that it
      * is a properly formatted payload.
@@ -149,7 +174,8 @@ window.Duo = (function(document, window) {
             typeof event.data === 'string' &&
             (
                 event.data.match(DUO_MESSAGE_FORMAT) ||
-                event.data.match(DUO_ERROR_FORMAT)
+                event.data.match(DUO_ERROR_FORMAT) ||
+                event.data.match(DUO_OPEN_WINDOW_FORMAT)
             )
         );
     }
@@ -175,7 +201,7 @@ window.Duo = (function(document, window) {
      * ```
      *
      * Example using `data-` attributes:
-     * ```
+     * ```html
      * <iframe id="duo_iframe"
      *         data-host="api-main.duo.test"
      *         data-sig-request="..."
@@ -185,17 +211,56 @@ window.Duo = (function(document, window) {
      * </iframe>
      * ```
      *
+     * Some browsers (especially embedded browsers) don't like it when the Duo
+     * Web SDK changes the `src` attribute on the iframe. To prevent this, there
+     * is an alternative way to use the Duo Web SDK:
+     *
+     * Add a div (or any other container element) instead of an iframe to the
+     * DOM with an id of "duo_iframe", or pass that element to the
+     * `iframeContainer` parameter of `Duo.init`. An iframe will be created and
+     * inserted into that container element, preventing `src` change related
+     * bugs. WARNING: All other elements in the container will be deleted.
+     *
+     * The `iframeAttributes` parameter of `Duo.init` is available to set any
+     * attributes on the inserted iframe if the Duo Web SDK is inserting the
+     * iframe. For details, see the parameter documentation below.
+     *
      * @param {Object} options
-     * @param {String} options.iframe                         The iframe, or id of an iframe to set up
-     * @param {String} options.host                           Hostname
-     * @param {String} options.sig_request                    Request token
-     * @param {String} [options.post_action='']               URL to POST back to after successful auth
-     * @param {String} [options.post_argument='sig_response'] Parameter name to use for response token
-     * @param {Function} [options.submit_callback]            If provided, duo will not submit the form instead execute
-     *                                                        the callback function with reference to the "duo_form" form object
-     *                                                        submit_callback can be used to prevent the webpage from reloading.
+     * @param {String} options.host - Hostname for the Duo Prompt.
+     * @param {String} options.sig_request - Request token.
+     * @param {String|HTMLElement} [options.iframe] - The iframe, or id of an
+     *     iframe that will be used for the Duo Prompt. If you don't provide
+     *     this or the `iframeContainer` parameter the Duo Web SDK will default
+     *     to using whatever element has an id of "duo_iframe".
+     * @param {String|HTMLElement} [options.iframeContainer] - The element you
+     *     want the Duo Prompt inserted into, or the id of that element.
+     *     Anything inside this element will be deleted and replaced with an
+     *     iframe hosting the Duo prompt. If you don't provide this or the
+     *     `iframe` parameter the Duo Web SDK will default to using whatever
+     *     element has an id of "duo_iframe".
+     * @param {Object} [options.iframeAttributes] - Object with  names and
+     *     values coresponding to attributes you want added to the  Duo Prompt
+     *     iframe, like `title`, `width` and `allow`. WARNING: this parameter
+     *     only works if you use the `iframeContainer` parameter or add an id
+     *     of "duo_iframe" to an element that isn't an iframe. If you have
+     *     added an iframe to the DOM yourself, you should set those attributes
+     *     directly on the iframe.
+     * @param {String} [options.post_action=''] - URL to POST back to after a
+     *     successful auth.
+     * @param {String} [options.post_argument='sig_response'] - Parameter name
+     *     to use for response token.
+     * @param {Function} [options.submit_callback] - If provided, the Duo Web
+     *     SDK will not submit the form. Instead it will execute this callback
+     *     function passing in a reference to the "duo_form" form object.
+     *     `submit_callback`` can be used to prevent the webpage from reloading.
      */
     function init(options) {
+        // If init() is called more than once we have to reset all the local
+        // variables to ensure init() will work the same way every time. This
+        // helps people making single page applications. SPAs may periodically
+        // remove the iframe and add a new one that has to be initialized.
+        initializeStatefulVariables();
+
         if (options) {
             if (options.host) {
                 host = options.host;
@@ -213,39 +278,114 @@ window.Duo = (function(document, window) {
                 postArgument = options.post_argument;
             }
 
-            if (options.iframe) {
-                if ('tagName' in options.iframe) {
-                    iframe = options.iframe;
-                } else if (typeof options.iframe === 'string') {
-                    iframeId = options.iframe;
-                }
-            }
-
             if (typeof options.submit_callback === 'function') {
                 submitCallback = options.submit_callback;
             }
         }
 
-        // if we were given an iframe, no need to wait for the rest of the DOM
-        if (iframe) {
-            ready();
+        var promptElement = getPromptElement(options);
+        if (promptElement) {
+            // If we can get the element that will host the prompt, set it.
+            ready(promptElement, options.iframeAttributes || {});
         } else {
-            // try to find the iframe in the DOM
-            iframe = document.getElementById(iframeId);
-
-            // iframe is in the DOM, away we go!
-            if (iframe) {
-                ready();
-            } else {
-                // wait until the DOM is ready, then try again
-                onReady(onDOMReady);
-            }
+            // If the element that will host the prompt isn't available yet, set
+            // it up after the DOM finishes loading.
+            asyncReady(options);
         }
 
         // always clean up after yourself!
         offReady(init);
     }
 
+    /**
+     * Given the options from init(), get the iframe or iframe container that
+     * should be used for the Duo Prompt. Returns `null` if nothing was found.
+     */
+    function getPromptElement(options) {
+        var result;
+
+        if (options.iframe && options.iframeContainer) {
+            throwError(
+                'Passing both `iframe` and `iframeContainer` arguments at the' +
+                ' same time is not allowed.'
+            );
+        } else if (options.iframe) {
+            // If we are getting an iframe, try to get it and raise if the
+            // element we find is NOT an iframe.
+            result = getUserDefinedElement(options.iframe);
+            validateIframe(result);
+        } else if (options.iframeContainer) {
+            result = getUserDefinedElement(options.iframeContainer);
+            validateIframeContainer(result);
+        } else {
+            result = document.getElementById('duo_iframe');
+        }
+
+        return result;
+    }
+
+    /**
+     * When given an HTMLElement, return it. When given a string, get an element
+     * with that id, else return null.
+     */
+    function getUserDefinedElement(object) {
+        if (object.tagName) {
+            return object;
+        } else if (typeof object == 'string') {
+            return document.getElementById(object);
+        }
+        return null;
+    }
+
+    /**
+     * Check if the given thing is an iframe.
+     */
+    function isIframe(element) {
+        return (
+            element &&
+            element.tagName &&
+            element.tagName.toLowerCase() === 'iframe'
+        );
+    }
+
+    /**
+     * Throw an error if we are given an element that is NOT an iframe.
+     */
+    function validateIframe(element) {
+        if (element && !isIframe(element)) {
+            throwError(
+                '`iframe` only accepts an iframe element or the id of an' +
+                ' iframe. To use a non-iframe element, use the' +
+                ' `iframeContainer` argument.'
+            );
+        }
+    }
+
+    /**
+     * Throw an error if we are given an element that IS an iframe instead of an
+     * element that we can insert an iframe into.
+     */
+    function validateIframeContainer(element) {
+        if (element && isIframe(element)) {
+            throwError(
+                '`iframeContainer` only accepts a non-iframe element or the' +
+                ' id of a non-iframe. To use a non-iframe element, use the' +
+                ' `iframeContainer` argument on Duo.init().'
+            );
+        }
+    }
+
+    /**
+     * Generate the URL that goes to the Duo Prompt.
+     */
+    function generateIframeSrc() {
+        return [
+            'https://', host, '/frame/web/v1/auth?tx=', duoSig,
+            '&parent=', encodeURIComponent(document.location.href),
+            '&v=2.8'
+        ].join('');
+    }
+
     /**
      * This function is called when a message was received from another domain
      * using the `postMessage` API.  Check that the event came from the Duo
@@ -256,40 +396,99 @@ window.Duo = (function(document, window) {
      */
     function onReceivedMessage(event) {
         if (isDuoMessage(event)) {
-            // the event came from duo, do the post back
-            doPostBack(event.data);
+            if (event.data.match(DUO_OPEN_WINDOW_FORMAT)) {
+                var url = event.data.substring("DUO_OPEN_WINDOW|".length);
+                if (isValidUrlToOpen(url)) {
+                    // Open the URL that comes after the DUO_WINDOW_OPEN token.
+                    window.open(url, "_self");
+                }
+            }
+            else {
+                // the event came from duo, do the post back
+                doPostBack(event.data);
 
-            // always clean up after yourself!
-            offMessage(onReceivedMessage);
+                // always clean up after yourself!
+                offMessage(onReceivedMessage);
+            }
         }
     }
 
+    /**
+     * Validate that this passed in URL is one that we will actually allow to
+     * be opened.
+     * @param url String URL that the message poster wants to open
+     * @returns {boolean} true if we allow this url to be opened in the window
+     */
+    function isValidUrlToOpen(url) {
+        if (!url) {
+            return false;
+        }
+
+        var parser = document.createElement('a');
+        parser.href = url;
+
+        if (parser.protocol === "duotrustedendpoints:") {
+            return true;
+        } else if (parser.protocol !== "https:") {
+            return false;
+        }
+
+        for (var i = 0; i < VALID_OPEN_WINDOW_DOMAINS.length; i++) {
+           if (parser.hostname.endsWith("." + VALID_OPEN_WINDOW_DOMAINS[i]) ||
+                   parser.hostname === VALID_OPEN_WINDOW_DOMAINS[i]) {
+               return true;
+           }
+        }
+        return false;
+    }
+
+    /**
+     * Register a callback to call ready() after the DOM has loaded.
+     */
+    function asyncReady(options) {
+        var callback = function() {
+            var promptElement = getPromptElement(options);
+            if (!promptElement) {
+                throwError(
+                    'This page does not contain an iframe for Duo to use.' +
+                    ' Add an element like' +
+                    ' <iframe id="duo_iframe"></iframe> to this page.'
+                );
+            }
+
+            ready(promptElement, options.iframeAttributes || {});
+
+            // Always clean up after yourself.
+            offReady(callback)
+        };
+
+        onReady(callback);
+    }
+
     /**
      * Point the iframe at Duo, then wait for it to postMessage back to us.
      */
-    function ready() {
+    function ready(promptElement, iframeAttributes) {
         if (!host) {
-            host = getDataAttribute(iframe, 'host');
+            host = getDataAttribute(promptElement, 'host');
 
             if (!host) {
                 throwError(
                     'No API hostname is given for Duo to use.  Be sure to pass ' +
                     'a `host` parameter to Duo.init, or through the `data-host` ' +
-                    'attribute on the iframe element.',
-                    'https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe'
+                    'attribute on the iframe element.'
                 );
             }
         }
 
         if (!duoSig || !appSig) {
-            parseSigRequest(getDataAttribute(iframe, 'sigRequest'));
+            parseSigRequest(getDataAttribute(promptElement, 'sigRequest'));
 
             if (!duoSig || !appSig) {
                 throwError(
                     'No valid signed request is given.  Be sure to give the ' +
                     '`sig_request` parameter to Duo.init, or use the ' +
-                    '`data-sig-request` attribute on the iframe element.',
-                    'https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe'
+                    '`data-sig-request` attribute on the iframe element.'
                 );
             }
         }
@@ -297,19 +496,35 @@ window.Duo = (function(document, window) {
         // if postAction/Argument are defaults, see if they are specified
         // as data attributes on the iframe
         if (postAction === '') {
-            postAction = getDataAttribute(iframe, 'postAction') || postAction;
+            postAction = getDataAttribute(promptElement, 'postAction') || postAction;
         }
 
         if (postArgument === 'sig_response') {
-            postArgument = getDataAttribute(iframe, 'postArgument') || postArgument;
+            postArgument = getDataAttribute(promptElement, 'postArgument') || postArgument;
         }
 
-        // point the iframe at Duo
-        iframe.src = [
-            'https://', host, '/frame/web/v1/auth?tx=', duoSig,
-            '&parent=', document.location.href,
-            '&v=2.2'
-        ].join('');
+        if (isIframe(promptElement)) {
+            iframe = promptElement;
+            iframe.src = generateIframeSrc();
+        } else {
+            // If given a container to put an iframe in, clean out any children
+            // child elements in case `init()` was called more than once.
+            while (promptElement.firstChild) {
+                // We call `removeChild()` instead of doing `innerHTML = ""`
+                // to make sure we unbind any events.
+                promptElement.removeChild(promptElement.firstChild)
+            }
+
+            iframe = document.createElement('iframe');
+
+            // Set the src and all other attributes on the new iframe.
+            iframeAttributes['src'] = generateIframeSrc();
+            for (var name in iframeAttributes) {
+                iframe.setAttribute(name, iframeAttributes[name]);
+            }
+
+            promptElement.appendChild(iframe);
+        }
 
         // listen for the 'message' event
         onMessage(onReceivedMessage);
@@ -353,14 +568,11 @@ window.Duo = (function(document, window) {
         }
     }
 
-    // when the DOM is ready, initialize
-    // note that this will get cleaned up if the user calls init directly!
-    onReady(init);
-
     return {
         init: init,
+        _onReady: onReady,
         _parseSigRequest: parseSigRequest,
         _isDuoMessage: isDuoMessage,
         _doPostBack: doPostBack
     };
-}(document, window));
+}));

data/js/Duo-Web-v2.min.js

@@ -1 +1 @@
-window.Duo=function(e,t){var i=/^(?:AUTH|ENROLL)+\|[A-Za-z0-9\+\/=]+\|[A-Za-z0-9\+\/=]+$/;var o=/^ERR\|[\w\s\.\(\)]+$/;var n="duo_iframe",a="",s="sig_response",r,f,u,d,m,c;function h(e,t){throw new Error("Duo Web SDK error: "+e+(t?"\n"+"See "+t+" for more information":""))}function g(e){return e.replace(/([a-z])([A-Z])/,"$1-$2").toLowerCase()}function l(e,t){if("dataset"in e){return e.dataset[t]}else{return e.getAttribute("data-"+g(t))}}function p(e,i,o,n){if("addEventListener"in t){e.addEventListener(i,n,false)}else{e.attachEvent(o,n)}}function w(e,i,o,n){if("removeEventListener"in t){e.removeEventListener(i,n,false)}else{e.detachEvent(o,n)}}function v(t){p(e,"DOMContentLoaded","onreadystatechange",t)}function b(t){w(e,"DOMContentLoaded","onreadystatechange",t)}function E(e){p(t,"message","onmessage",e)}function _(e){w(t,"message","onmessage",e)}function y(e){if(!e){return}if(e.indexOf("ERR|")===0){h(e.split("|")[1])}if(e.indexOf(":")===-1||e.split(":").length!==2){h("Duo was given a bad token.  This might indicate a configuration "+"problem with one of Duo's client libraries.","https://www.duosecurity.com/docs/duoweb#first-steps")}var t=e.split(":");f=e;u=t[0];d=t[1];return{sigRequest:e,duoSig:t[0],appSig:t[1]}}function D(){m=e.getElementById(n);if(!m){throw new Error("This page does not contain an iframe for Duo to use."+'Add an element like <iframe id="duo_iframe"></iframe> '+"to this page.  "+"See https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe "+"for more information.")}B();b(D)}function A(e){return Boolean(e.origin==="https://"+r&&typeof e.data==="string"&&(e.data.match(i)||e.data.match(o)))}function L(t){if(t){if(t.host){r=t.host}if(t.sig_request){y(t.sig_request)}if(t.post_action){a=t.post_action}if(t.post_argument){s=t.post_argument}if(t.iframe){if("tagName"in t.iframe){m=t.iframe}else if(typeof t.iframe==="string"){n=t.iframe}}if(typeof t.submit_callback==="function"){c=t.submit_callback}}if(m){B()}else{m=e.getElementById(n);if(m){B()}else{v(D)}}b(L)}function q(e){if(A(e)){R(e.data);_(q)}}function B(){if(!r){r=l(m,"host");if(!r){h("No API hostname is given for Duo to use.  Be sure to pass "+"a `host` parameter to Duo.init, or through the `data-host` "+"attribute on the iframe element.","https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe")}}if(!u||!d){y(l(m,"sigRequest"));if(!u||!d){h("No valid signed request is given.  Be sure to give the "+"`sig_request` parameter to Duo.init, or use the "+"`data-sig-request` attribute on the iframe element.","https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe")}}if(a===""){a=l(m,"postAction")||a}if(s==="sig_response"){s=l(m,"postArgument")||s}m.src=["https://",r,"/frame/web/v1/auth?tx=",u,"&parent=",e.location.href,"&v=2.2"].join("");E(q)}function R(t){var i=e.createElement("input");i.type="hidden";i.name=s;i.value=t+":"+d;var o=e.getElementById("duo_form");if(!o){o=e.createElement("form");m.parentElement.insertBefore(o,m.nextSibling)}o.method="POST";o.action=a;o.appendChild(i);if(typeof c==="function"){c.call(null,o)}else{o.submit()}}v(L);return{init:L,_parseSigRequest:y,_isDuoMessage:A,_doPostBack:R}}(document,window);
+!function(e,t){if("function"==typeof define&&define.amd)define([],t);else if("object"==typeof module&&module.exports)module.exports=t();else{var n=t();n._onReady(n.init),e.Duo=n}}(this,function(){var i,a,r,s,u,f,m,t=/^(?:AUTH|ENROLL)+\|[A-Za-z0-9\+\/=]+\|[A-Za-z0-9\+\/=]+$/,n=/^ERR\|[\w\s\.\(\)]+$/,d=/^DUO_OPEN_WINDOW\|/,c=["duo.com","duosecurity.com","duomobile.s3-us-west-1.amazonaws.com"];function l(){i="",a="sig_response",r=undefined,undefined,s=undefined,u=undefined,f=undefined,m=undefined}function h(e,t){var n=t||"https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe";throw new Error("Duo Web SDK error: "+e+(n?"\nSee "+n+" for more information":""))}function g(e,t){return"dataset"in e?e.dataset[t]:e.getAttribute("data-"+function n(e){return e.replace(/([a-z])([A-Z])/,"$1-$2").toLowerCase()}(t))}function p(e,t,n,o){"addEventListener"in window?e.addEventListener(t,o,!1):e.attachEvent(n,o)}function v(e,t,n,o){"removeEventListener"in window?e.removeEventListener(t,o,!1):e.detachEvent(n,o)}function w(e){p(document,"DOMContentLoaded","onreadystatechange",e)}function _(e){v(document,"DOMContentLoaded","onreadystatechange",e)}function b(e){if(e){0===e.indexOf("ERR|")&&h(e.split("|")[1]),-1!==e.indexOf(":")&&2===e.split(":").length||h("Duo was given a bad token.  This might indicate a configuration problem with one of Duo's client libraries.");var t=e.split(":");return e,s=t[0],u=t[1],{sigRequest:e,duoSig:t[0],appSig:t[1]}}}function E(e){return Boolean(e.origin==="https://"+r&&"string"==typeof e.data&&(e.data.match(t)||e.data.match(n)||e.data.match(d)))}function y(e){var t;return e.iframe&&e.iframeContainer?h("Passing both `iframe` and `iframeContainer` arguments at the same time is not allowed."):e.iframe?function n(e){e&&!D(e)&&h("`iframe` only accepts an iframe element or the id of an iframe. To use a non-iframe element, use the `iframeContainer` argument.")}(t=C(e.iframe)):e.iframeContainer?function o(e){e&&D(e)&&h("`iframeContainer` only accepts a non-iframe element or the id of a non-iframe. To use a non-iframe element, use the `iframeContainer` argument on Duo.init().")}(t=C(e.iframeContainer)):t=document.getElementById("duo_iframe"),t}function C(e){return e.tagName?e:"string"==typeof e?document.getElementById(e):null}function D(e){return e&&e.tagName&&"iframe"===e.tagName.toLowerCase()}function A(){return["https://",r,"/frame/web/v1/auth?tx=",s,"&parent=",encodeURIComponent(document.location.href),"&v=2.8"].join("")}function O(e){if(E(e))if(e.data.match(d)){var t=e.data.substring("DUO_OPEN_WINDOW|".length);(function o(e){if(!e)return!1;var t=document.createElement("a");{if(t.href=e,"duotrustedendpoints:"===t.protocol)return!0;if("https:"!==t.protocol)return!1}for(var n=0;n<c.length;n++)if(t.hostname.endsWith("."+c[n])||t.hostname===c[n])return!0;return!1})(t)&&window.open(t,"_self")}else L(e.data),function n(e){v(window,"message","onmessage",e)}(O)}function R(e,t){if(r||(r=g(e,"host"))||h("No API hostname is given for Duo to use.  Be sure to pass a `host` parameter to Duo.init, or through the `data-host` attribute on the iframe element."),s&&u||(b(g(e,"sigRequest")),s&&u||h("No valid signed request is given.  Be sure to give the `sig_request` parameter to Duo.init, or use the `data-sig-request` attribute on the iframe element.")),""===i&&(i=g(e,"postAction")||i),"sig_response"===a&&(a=g(e,"postArgument")||a),D(e))(f=e).src=A();else{for(;e.firstChild;)e.removeChild(e.firstChild);for(var n in f=document.createElement("iframe"),t.src=A(),t)f.setAttribute(n,t[n]);e.appendChild(f)}!function o(e){p(window,"message","onmessage",e)}(O)}function L(e){var t=document.createElement("input");t.type="hidden",t.name=a,t.value=e+":"+u;var n=document.getElementById("duo_form");n||(n=document.createElement("form"),f.parentElement.insertBefore(n,f.nextSibling)),n.method="POST",n.action=i,n.appendChild(t),"function"==typeof m?m.call(null,n):n.submit()}return l(),{init:function N(e){l(),e&&(e.host&&(r=e.host),e.sig_request&&b(e.sig_request),e.post_action&&(i=e.post_action),e.post_argument&&(a=e.post_argument),"function"==typeof e.submit_callback&&(m=e.submit_callback));var t=y(e);t?R(t,e.iframeAttributes||{}):function o(t){var n=function(){var e=y(t);e||h('This page does not contain an iframe for Duo to use. Add an element like <iframe id="duo_iframe"></iframe> to this page.'),R(e,t.iframeAttributes||{}),_(n)};w(n)}(e),_(N)},_onReady:w,_parseSigRequest:b,_isDuoMessage:E,_doPostBack:L}});

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: duo_web
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Duo Security
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-10 00:00:00.000000000 Z
+date: 2019-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -30,12 +30,26 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.49.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.49.0
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: A Ruby implementation of the Duo Web SDK.
@@ -67,7 +81,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.5.2.3
 signing_key: 
 specification_version: 4
 summary: Duo Web Ruby