@azure/core-client 1.3.3 → 1.4.0-alpha.20220104.5

package/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Release History
 
+## 1.4.0 (Unreleased)
+
+### Features Added
+
+- Added a new function `authorizeRequestOnClaimChallenge`, that can be used with the `@azure/core-rest-pipeline`'s `bearerTokenAuthenticationPolicy` to support [Continuous Access Evaluation (CAE) challenges](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation).
+- Call the `bearerTokenAuthenticationPolicy` with the following options: `bearerTokenAuthenticationPolicy({ authorizeRequestOnChallenge: authorizeRequestOnClaimChallenge })`. Once provided, the `bearerTokenAuthenticationPolicy` policy will internally handle Continuous Access Evaluation (CAE) challenges. When it can't complete a challenge it will return the 401 (unauthorized) response from ARM.
+
+### Breaking Changes
+
+### Bugs Fixed
+
+### Other Changes
+
 ## 1.3.3 (2021-12-02)
 
 ### Bugs Fixed

package/dist/index.js

@@ -3,6 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var coreRestPipeline = require('@azure/core-rest-pipeline');
+var logger = require('@azure/logger');
 require('@azure/core-asynciterator-polyfill');
 
 // Copyright (c) Microsoft Corporation.
@@ -116,7 +117,7 @@ function flattenResponse(fullResponse, responseSpec) {
         body: fullResponse.parsedBody,
         headers: parsedHeaders,
         hasNullableType: isNullable,
-        shouldWrapBody: isPrimitiveBody(fullResponse.parsedBody, expectedBodyTypeName)
+        shouldWrapBody: isPrimitiveBody(fullResponse.parsedBody, expectedBodyTypeName),
     });
 }
 
@@ -140,6 +141,14 @@ function encodeByteArray(value) {
 function decodeString(value) {
     return Buffer.from(value, "base64");
 }
+/**
+ * Decodes a base64 string into a string.
+ * @param value - the base64 string to decode
+ * @internal
+ */
+function decodeStringToString(value) {
+    return Buffer.from(value, "base64").toString();
+}
 
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
@@ -163,7 +172,7 @@ class SerializerImpl {
             throw new Error(`"${objectName}" with value "${value}" should satisfy the constraint "${constraintName}": ${constraintValue}.`);
         };
         if (mapper.constraints && value !== undefined && value !== null) {
-            const { ExclusiveMaximum, ExclusiveMinimum, InclusiveMaximum, InclusiveMinimum, MaxItems, MaxLength, MinItems, MinLength, MultipleOf, Pattern, UniqueItems } = mapper.constraints;
+            const { ExclusiveMaximum, ExclusiveMinimum, InclusiveMaximum, InclusiveMinimum, MaxItems, MaxLength, MinItems, MinLength, MultipleOf, Pattern, UniqueItems, } = mapper.constraints;
             if (ExclusiveMaximum !== undefined && value >= ExclusiveMaximum) {
                 failValidation("ExclusiveMaximum", ExclusiveMaximum);
             }
@@ -222,8 +231,8 @@ class SerializerImpl {
             xml: {
                 rootName: (_a = options.xml.rootName) !== null && _a !== void 0 ? _a : "",
                 includeRoot: (_b = options.xml.includeRoot) !== null && _b !== void 0 ? _b : false,
-                xmlCharKey: (_c = options.xml.xmlCharKey) !== null && _c !== void 0 ? _c : XML_CHARKEY
-            }
+                xmlCharKey: (_c = options.xml.xmlCharKey) !== null && _c !== void 0 ? _c : XML_CHARKEY,
+            },
         };
         let payload = {};
         const mapperType = mapper.type.name;
@@ -311,8 +320,8 @@ class SerializerImpl {
             xml: {
                 rootName: (_a = options.xml.rootName) !== null && _a !== void 0 ? _a : "",
                 includeRoot: (_b = options.xml.includeRoot) !== null && _b !== void 0 ? _b : false,
-                xmlCharKey: (_c = options.xml.xmlCharKey) !== null && _c !== void 0 ? _c : XML_CHARKEY
-            }
+                xmlCharKey: (_c = options.xml.xmlCharKey) !== null && _c !== void 0 ? _c : XML_CHARKEY,
+            },
         };
         if (responseBody === undefined || responseBody === null) {
             if (this.isXML && mapper.type.name === "Sequence" && !mapper.xmlIsWrapped) {
@@ -417,9 +426,7 @@ function bufferToBase64Url(buffer) {
     // Uint8Array to Base64.
     const str = encodeByteArray(buffer);
     // Base64 to Base64Url.
-    return trimEnd(str, "=")
-        .replace(/\+/g, "-")
-        .replace(/\//g, "_");
+    return trimEnd(str, "=").replace(/\+/g, "-").replace(/\//g, "_");
 }
 function base64UrlToByteArray(str) {
     if (!str) {
@@ -578,14 +585,21 @@ function serializeDateTypes(typeName, value, objectName) {
     return value;
 }
 function serializeSequenceType(serializer, mapper, object, objectName, isXml, options) {
+    var _a;
     if (!Array.isArray(object)) {
         throw new Error(`${objectName} must be of type Array.`);
     }
-    const elementType = mapper.type.element;
+    let elementType = mapper.type.element;
     if (!elementType || typeof elementType !== "object") {
         throw new Error(`element" metadata for an Array must be defined in the ` +
             `mapper and it must of type "object" in ${objectName}.`);
     }
+    // Quirk: Composite mappers referenced by `element` might
+    // not have *all* properties declared (like uberParent),
+    // so let's try to look up the full definition by name.
+    if (elementType.type.name === "Composite" && elementType.type.className) {
+        elementType = (_a = serializer.modelMappers[elementType.type.className]) !== null && _a !== void 0 ? _a : elementType;
+    }
     const tempArray = [];
     for (let i = 0; i < object.length; i++) {
         const serializedValue = serializer.serialize(elementType, object[i], objectName, options);
@@ -941,8 +955,8 @@ function deserializeDictionaryType(serializer, mapper, responseBody, objectName,
     return responseBody;
 }
 function deserializeSequenceType(serializer, mapper, responseBody, objectName, options) {
-    /* jshint validthis: true */
-    const element = mapper.type.element;
+    var _a;
+    let element = mapper.type.element;
     if (!element || typeof element !== "object") {
         throw new Error(`element" metadata for an Array must be defined in the ` +
             `mapper and it must of type "object" in ${objectName}`);
@@ -952,6 +966,12 @@ function deserializeSequenceType(serializer, mapper, responseBody, objectName, o
             // xml2js will interpret a single element array as just the element, so force it to be an array
             responseBody = [responseBody];
         }
+        // Quirk: Composite mappers referenced by `element` might
+        // not have *all* properties declared (like uberParent),
+        // so let's try to look up the full definition by name.
+        if (element.type.name === "Composite" && element.type.className) {
+            element = (_a = serializer.modelMappers[element.type.className]) !== null && _a !== void 0 ? _a : element;
+        }
         const tempArray = [];
         for (let i = 0; i < responseBody.length; i++) {
             tempArray[i] = serializer.deserialize(element, responseBody[i], `${objectName}[${i}]`, options);
@@ -963,8 +983,12 @@ function deserializeSequenceType(serializer, mapper, responseBody, objectName, o
 function getPolymorphicMapper(serializer, mapper, object, polymorphicPropertyName) {
     const polymorphicDiscriminator = getPolymorphicDiscriminatorRecursively(serializer, mapper);
     if (polymorphicDiscriminator) {
-        const discriminatorName = polymorphicDiscriminator[polymorphicPropertyName];
+        let discriminatorName = polymorphicDiscriminator[polymorphicPropertyName];
         if (discriminatorName) {
+            // The serializedName might have \\, which we just want to ignore
+            if (polymorphicPropertyName === "serializedName") {
+                discriminatorName = discriminatorName.replace(/\\/gi, "");
+            }
             const discriminatorValue = object[discriminatorName];
             if (discriminatorValue !== undefined && discriminatorValue !== null) {
                 const typeName = mapper.type.uberParent || mapper.type.className;
@@ -1009,7 +1033,7 @@ const MapperTypeNames = {
     String: "String",
     Stream: "Stream",
     TimeSpan: "TimeSpan",
-    UnixTime: "UnixTime"
+    UnixTime: "UnixTime",
 };
 
 // Copyright (c) Microsoft Corporation.
@@ -1095,7 +1119,7 @@ function getOperationArgumentValueFromParameter(operationArguments, parameter, f
             const propertyPath = parameterPath[propertyName];
             const propertyValue = getOperationArgumentValueFromParameter(operationArguments, {
                 parameterPath: propertyPath,
-                mapper: propertyMapper
+                mapper: propertyMapper,
             }, fallbackObject);
             if (propertyValue !== undefined) {
                 if (!value) {
@@ -1141,7 +1165,7 @@ const CollectionFormatToDelimiterMap = {
     SSV: " ",
     Multi: "Multi",
     TSV: "\t",
-    Pipes: "|"
+    Pipes: "|",
 };
 function getRequestUrl(baseUri, operationSpec, operationArguments, fallbackObject) {
     const urlReplacements = calculateUrlReplacements(operationSpec, operationArguments, fallbackObject);
@@ -1276,7 +1300,7 @@ function calculateQueryParameters(operationSpec, operationArguments, fallbackObj
     }
     return {
         queryParams: result,
-        sequenceParams
+        sequenceParams,
     };
 }
 function simpleParseQueryParams(queryString) {
@@ -1390,15 +1414,15 @@ function deserializationPolicy(options = {}) {
         xml: {
             rootName: (_e = serializerOptions === null || serializerOptions === void 0 ? void 0 : serializerOptions.xml.rootName) !== null && _e !== void 0 ? _e : "",
             includeRoot: (_f = serializerOptions === null || serializerOptions === void 0 ? void 0 : serializerOptions.xml.includeRoot) !== null && _f !== void 0 ? _f : false,
-            xmlCharKey: (_g = serializerOptions === null || serializerOptions === void 0 ? void 0 : serializerOptions.xml.xmlCharKey) !== null && _g !== void 0 ? _g : XML_CHARKEY
-        }
+            xmlCharKey: (_g = serializerOptions === null || serializerOptions === void 0 ? void 0 : serializerOptions.xml.xmlCharKey) !== null && _g !== void 0 ? _g : XML_CHARKEY,
+        },
     };
     return {
         name: deserializationPolicyName,
         async sendRequest(request, next) {
             const response = await next(request);
             return deserializeResponseBody(jsonContentTypes, xmlContentTypes, response, updatedOptions, parseXML);
-        }
+        },
     };
 }
 function getOperationResponseMap(parsedResponse) {
@@ -1468,7 +1492,7 @@ async function deserializeResponseBody(jsonContentTypes, xmlContentTypes, respon
                 const restError = new coreRestPipeline.RestError(`Error ${deserializeError} occurred in deserializing the responseBody - ${parsedResponse.bodyAsText}`, {
                     statusCode: parsedResponse.status,
                     request: parsedResponse.request,
-                    response: parsedResponse
+                    response: parsedResponse,
                 });
                 throw restError;
             }
@@ -1511,7 +1535,7 @@ function handleErrorResponse(parsedResponse, operationSpec, responseSpec) {
     const error = new coreRestPipeline.RestError(initialErrorMessage, {
         statusCode: parsedResponse.status,
         request: parsedResponse.request,
-        response: parsedResponse
+        response: parsedResponse,
     });
     // If the item failed but there's no error spec or default spec to deserialize the error,
     // we should fail so we just throw the parsed response
@@ -1548,7 +1572,8 @@ function handleErrorResponse(parsedResponse, operationSpec, responseSpec) {
         }
         // If error response has headers, try to deserialize it using default header mapper
         if (parsedResponse.headers && defaultHeadersMapper) {
-            error.response.parsedHeaders = operationSpec.serializer.deserialize(defaultHeadersMapper, parsedResponse.headers.toJSON(), "operationRes.parsedHeaders");
+            error.response.parsedHeaders =
+                operationSpec.serializer.deserialize(defaultHeadersMapper, parsedResponse.headers.toJSON(), "operationRes.parsedHeaders");
         }
     }
     catch (defaultError) {
@@ -1587,7 +1612,7 @@ async function parse(jsonContentTypes, xmlContentTypes, operationResponse, opts,
                 code: errCode,
                 statusCode: operationResponse.status,
                 request: operationResponse.request,
-                response: operationResponse
+                response: operationResponse,
             });
             throw e;
         }
@@ -1617,7 +1642,7 @@ function serializationPolicy(options = {}) {
                 serializeRequestBody(request, operationArguments, operationSpec, stringifyXML);
             }
             return next(request);
-        }
+        },
     };
 }
 /**
@@ -1662,14 +1687,14 @@ function serializeRequestBody(request, operationArguments, operationSpec, string
         xml: {
             rootName: (_b = serializerOptions === null || serializerOptions === void 0 ? void 0 : serializerOptions.xml.rootName) !== null && _b !== void 0 ? _b : "",
             includeRoot: (_c = serializerOptions === null || serializerOptions === void 0 ? void 0 : serializerOptions.xml.includeRoot) !== null && _c !== void 0 ? _c : false,
-            xmlCharKey: (_d = serializerOptions === null || serializerOptions === void 0 ? void 0 : serializerOptions.xml.xmlCharKey) !== null && _d !== void 0 ? _d : XML_CHARKEY
-        }
+            xmlCharKey: (_d = serializerOptions === null || serializerOptions === void 0 ? void 0 : serializerOptions.xml.xmlCharKey) !== null && _d !== void 0 ? _d : XML_CHARKEY,
+        },
     };
     const xmlCharKey = updatedOptions.xml.xmlCharKey;
     if (operationSpec.requestBody && operationSpec.requestBody.mapper) {
         request.body = getOperationArgumentValueFromParameter(operationArguments, operationSpec.requestBody);
         const bodyMapper = operationSpec.requestBody.mapper;
-        const { required, serializedName, xmlName, xmlElementName, xmlNamespace, xmlNamespacePrefix, nullable } = bodyMapper;
+        const { required, serializedName, xmlName, xmlElementName, xmlNamespace, xmlNamespacePrefix, nullable, } = bodyMapper;
         const typeName = bodyMapper.type.name;
         try {
             if ((request.body !== undefined && request.body !== null) ||
@@ -1687,7 +1712,7 @@ function serializeRequestBody(request, operationArguments, operationSpec, string
                     else if (!isStream) {
                         request.body = stringifyXML(value, {
                             rootName: xmlName || serializedName,
-                            xmlCharKey
+                            xmlCharKey,
                         });
                     }
                 }
@@ -1755,12 +1780,12 @@ function createClientPipeline(options = {}) {
     if (options.credentialOptions) {
         pipeline.addPolicy(coreRestPipeline.bearerTokenAuthenticationPolicy({
             credential: options.credentialOptions.credential,
-            scopes: options.credentialOptions.credentialScopes
+            scopes: options.credentialOptions.credentialScopes,
         }));
     }
     pipeline.addPolicy(serializationPolicy(options.serializationOptions), { phase: "Serialize" });
     pipeline.addPolicy(deserializationPolicy(options.deserializationOptions), {
-        phase: "Deserialize"
+        phase: "Deserialize",
     });
     return pipeline;
 }
@@ -1804,7 +1829,7 @@ class ServiceClient {
         // not part of OperationArguments
         const url = getRequestUrl(baseUri, operationSpec, operationArguments, this);
         const request = coreRestPipeline.createPipelineRequest({
-            url
+            url,
         });
         request.method = operationSpec.httpMethod;
         const operationInfo = getOperationRequestInfo(request);
@@ -1886,10 +1911,78 @@ function getCredentialScopes(options) {
     return undefined;
 }
 
+// Copyright (c) Microsoft Corporation.
+const defaultLogger = logger.createClientLogger("authorizeRequestOnClaimChallenge");
+/**
+ * Converts: `Bearer a="b", c="d", Bearer d="e", f="g"`.
+ * Into: `[ { a: 'b', c: 'd' }, { d: 'e', f: 'g' } ]`.
+ *
+ * @internal
+ */
+function parseCAEChallenge(challenges) {
+    const bearerChallenges = `, ${challenges.trim()}`.split(", Bearer ").filter((x) => x);
+    return bearerChallenges.map((challenge) => {
+        const challengeParts = `${challenge.trim()}, `.split('", ').filter((x) => x);
+        const keyValuePairs = challengeParts.map((keyValue) => (([key, value]) => ({ [key]: value }))(keyValue.trim().split('="')));
+        // Key-value pairs to plain object:
+        return keyValuePairs.reduce((a, b) => (Object.assign(Object.assign({}, a), b)), {});
+    });
+}
+/**
+ * This function can be used as a callback for the `bearerTokenAuthenticationPolicy` of `@azure/core-rest-pipeline`, to support CAE challenges:
+ * [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation).
+ *
+ * Call the `bearerTokenAuthenticationPolicy` with the following options:
+ *
+ * ```ts
+ * import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";
+ * import { authorizeRequestOnClaimChallenge } from "@azure/core-client";
+ *
+ * const bearerTokenAuthenticationPolicy = bearerTokenAuthenticationPolicy({
+ *   authorizeRequestOnChallenge: authorizeRequestOnClaimChallenge
+ * });
+ * ```
+ *
+ * Once provided, the `bearerTokenAuthenticationPolicy` policy will internally handle Continuous Access Evaluation (CAE) challenges.
+ * When it can't complete a challenge it will return the 401 (unauthorized) response from ARM.
+ *
+ * Example challenge with claims:
+ *
+ * ```
+ * Bearer authorization_uri="https://login.windows-ppe.net/", error="invalid_token",
+ * error_description="User session has been revoked",
+ * claims="eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwgInZhbHVlIjoiMTYwMzc0MjgwMCJ9fX0="
+ * ```
+ */
+async function authorizeRequestOnClaimChallenge(onChallengeOptions) {
+    const { scopes, response } = onChallengeOptions;
+    const logger = onChallengeOptions.logger || defaultLogger;
+    const challenge = response.headers.get("WWW-Authenticate");
+    if (!challenge) {
+        logger.info(`The WWW-Authenticate header was missing. Failed to perform the Continuous Access Evaluation authentication flow.`);
+        return false;
+    }
+    const challenges = parseCAEChallenge(challenge) || [];
+    const parsedChallenge = challenges.find((x) => x.claims);
+    if (!parsedChallenge) {
+        logger.info(`The WWW-Authenticate header was missing the necessary "claims" to perform the Continuous Access Evaluation authentication flow.`);
+        return false;
+    }
+    const accessToken = await onChallengeOptions.getAccessToken(parsedChallenge.scope ? [parsedChallenge.scope] : scopes, {
+        claims: decodeStringToString(parsedChallenge.claims),
+    });
+    if (!accessToken) {
+        return false;
+    }
+    onChallengeOptions.request.headers.set("Authorization", `Bearer ${accessToken.token}`);
+    return true;
+}
+
 exports.MapperTypeNames = MapperTypeNames;
 exports.ServiceClient = ServiceClient;
 exports.XML_ATTRKEY = XML_ATTRKEY;
 exports.XML_CHARKEY = XML_CHARKEY;
+exports.authorizeRequestOnClaimChallenge = authorizeRequestOnClaimChallenge;
 exports.createClientPipeline = createClientPipeline;
 exports.createSerializer = createSerializer;
 exports.deserializationPolicy = deserializationPolicy;