npm - @azure/core-client - Versions diffs - 1.3.3-alpha.20211026.1 → 1.4.0-alpha.20211206.10 - Mend

@azure/core-client 1.3.3-alpha.20211026.1 → 1.4.0-alpha.20211206.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/CHANGELOG.md +10 -1
package/README.md +1 -1
package/dist/index.js +81 -1
package/dist/index.js.map +1 -1
package/dist-esm/src/authorizeRequestOnClaimChallenge.js +70 -0
package/dist-esm/src/authorizeRequestOnClaimChallenge.js.map +1 -0
package/dist-esm/src/base64.browser.js +7 -0
package/dist-esm/src/base64.browser.js.map +1 -1
package/dist-esm/src/base64.js +8 -0
package/dist-esm/src/base64.js.map +1 -1
package/dist-esm/src/index.js +1 -0
package/dist-esm/src/index.js.map +1 -1
package/dist-esm/src/interfaces.js.map +1 -1
package/dist-esm/src/urlHelpers.js +4 -1
package/dist-esm/src/urlHelpers.js.map +1 -1
package/package.json +3 -2
package/types/3.1/core-client.d.ts +205 -2
package/types/latest/core-client.d.ts +206 -2

package/CHANGELOG.md CHANGED Viewed

@@ -1,15 +1,24 @@
 # Release History
-## 1.3.3 (Unreleased)
+## 1.4.0 (Unreleased)
 ### Features Added
+- Added a new function `authorizeRequestOnClaimChallenge`, that can be used with the `@azure/core-rest-pipeline`'s `bearerTokenAuthenticationPolicy` to support [Continuous Access Evaluation (CAE) challenges](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation).
+- Call the `bearerTokenAuthenticationPolicy` with the following options: `bearerTokenAuthenticationPolicy({ authorizeRequestOnChallenge: authorizeRequestOnClaimChallenge })`. Once provided, the `bearerTokenAuthenticationPolicy` policy will internally handle Continuous Access Evaluation (CAE) challenges. When it can't complete a challenge it will return the 401 (unauthorized) response from ARM.
 ### Breaking Changes
 ### Bugs Fixed
 ### Other Changes
+## 1.3.3 (2021-12-02)
+### Bugs Fixed
+- Added a check to handle undefined value during the parsing of query parameters. Please refer to [PR #18621](https://github.com/Azure/azure-sdk-for-js/pull/18621) for further details.
 ## 1.3.2 (2021-10-25)
 ### Bugs Fixed

package/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# Azure Core Service client library for JavaScript (Experimental)
+# Azure Core Service client library for JavaScript
 This library is primarily intended to be used in code generated by [AutoRest](https://github.com/Azure/Autorest) and [`autorest.typescript`](https://github.com/Azure/autorest.typescript).

package/dist/index.js CHANGED Viewed

@@ -3,6 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 var coreRestPipeline = require('@azure/core-rest-pipeline');
+var logger = require('@azure/logger');
 require('@azure/core-asynciterator-polyfill');
 // Copyright (c) Microsoft Corporation.
@@ -140,6 +141,14 @@ function encodeByteArray(value) {
 function decodeString(value) {
     return Buffer.from(value, "base64");
 }
+/**
+ * Decodes a base64 string into a string.
+ * @param value - the base64 string to decode
+ * @internal
+ */
+function decodeStringToString(value) {
+    return Buffer.from(value, "base64").toString();
+}
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
@@ -1346,12 +1355,15 @@ function appendQueryParams(url, queryParams, sequenceParams, noOverwrite = false
         if (typeof value === "string") {
             searchPieces.push(`${name}=${value}`);
         }
-        else {
+        else if (Array.isArray(value)) {
             // QUIRK: If we get an array of values, include multiple key/value pairs
             for (const subValue of value) {
                 searchPieces.push(`${name}=${subValue}`);
             }
         }
+        else {
+            searchPieces.push(`${name}=${value}`);
+        }
     }
     // QUIRK: we have to set search manually as searchParams will encode comma when it shouldn't.
     parsedUrl.search = searchPieces.length ? `?${searchPieces.join("&")}` : "";
@@ -1883,10 +1895,78 @@ function getCredentialScopes(options) {
     return undefined;
 }
+// Copyright (c) Microsoft Corporation.
+const defaultLogger = logger.createClientLogger("authorizeRequestOnClaimChallenge");
+/**
+ * Converts: `Bearer a="b", c="d", Bearer d="e", f="g"`.
+ * Into: `[ { a: 'b', c: 'd' }, { d: 'e', f: 'g' } ]`.
+ *
+ * @internal
+ */
+function parseCAEChallenge(challenges) {
+    const bearerChallenges = `, ${challenges.trim()}`.split(", Bearer ").filter((x) => x);
+    return bearerChallenges.map((challenge) => {
+        const challengeParts = `${challenge.trim()}, `.split('", ').filter((x) => x);
+        const keyValuePairs = challengeParts.map((keyValue) => (([key, value]) => ({ [key]: value }))(keyValue.trim().split('="')));
+        // Key-value pairs to plain object:
+        return keyValuePairs.reduce((a, b) => (Object.assign(Object.assign({}, a), b)), {});
+    });
+}
+/**
+ * This function can be used as a callback for the `bearerTokenAuthenticationPolicy` of `@azure/core-rest-pipeline`, to support CAE challenges:
+ * [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation).
+ *
+ * Call the `bearerTokenAuthenticationPolicy` with the following options:
+ *
+ * ```ts
+ * import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";
+ * import { authorizeRequestOnClaimChallenge } from "@azure/core-client";
+ *
+ * const bearerTokenAuthenticationPolicy = bearerTokenAuthenticationPolicy({
+ *   authorizeRequestOnChallenge: authorizeRequestOnClaimChallenge
+ * });
+ * ```
+ *
+ * Once provided, the `bearerTokenAuthenticationPolicy` policy will internally handle Continuous Access Evaluation (CAE) challenges.
+ * When it can't complete a challenge it will return the 401 (unauthorized) response from ARM.
+ *
+ * Example challenge with claims:
+ *
+ * ```
+ * Bearer authorization_uri="https://login.windows-ppe.net/", error="invalid_token",
+ * error_description="User session has been revoked",
+ * claims="eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwgInZhbHVlIjoiMTYwMzc0MjgwMCJ9fX0="
+ * ```
+ */
+async function authorizeRequestOnClaimChallenge(onChallengeOptions) {
+    const { scopes, response } = onChallengeOptions;
+    const logger = onChallengeOptions.logger || defaultLogger;
+    const challenge = response.headers.get("WWW-Authenticate");
+    if (!challenge) {
+        logger.info(`The WWW-Authenticate header was missing. Failed to perform the Continuous Access Evaluation authentication flow.`);
+        return false;
+    }
+    const challenges = parseCAEChallenge(challenge) || [];
+    const parsedChallenge = challenges.find((x) => x.claims);
+    if (!parsedChallenge) {
+        logger.info(`The WWW-Authenticate header was missing the necessary "claims" to perform the Continuous Access Evaluation authentication flow.`);
+        return false;
+    }
+    const accessToken = await onChallengeOptions.getAccessToken(parsedChallenge.scope ? [parsedChallenge.scope] : scopes, {
+        claims: decodeStringToString(parsedChallenge.claims)
+    });
+    if (!accessToken) {
+        return false;
+    }
+    onChallengeOptions.request.headers.set("Authorization", `Bearer ${accessToken.token}`);
+    return true;
+}
 exports.MapperTypeNames = MapperTypeNames;
 exports.ServiceClient = ServiceClient;
 exports.XML_ATTRKEY = XML_ATTRKEY;
 exports.XML_CHARKEY = XML_CHARKEY;
+exports.authorizeRequestOnClaimChallenge = authorizeRequestOnClaimChallenge;
 exports.createClientPipeline = createClientPipeline;
 exports.createSerializer = createSerializer;
 exports.deserializationPolicy = deserializationPolicy;