@azure/keyvault-secrets 4.5.2-alpha.20220919.6 → 4.6.0
- package/dist/index.js +23 -6
- package/dist/index.js.map +1 -1
- package/dist-esm/keyvault-common/src/challengeBasedAuthenticationPolicy.js +19 -2
- package/dist-esm/keyvault-common/src/challengeBasedAuthenticationPolicy.js.map +1 -1
- package/dist-esm/keyvault-secrets/src/constants.js +1 -1
- package/dist-esm/keyvault-secrets/src/constants.js.map +1 -1
- package/dist-esm/keyvault-secrets/src/generated/keyVaultClient.js +1 -1
- package/dist-esm/keyvault-secrets/src/generated/keyVaultClient.js.map +1 -1
- package/dist-esm/keyvault-secrets/src/index.js +2 -2
- package/dist-esm/keyvault-secrets/src/index.js.map +1 -1
- package/dist-esm/keyvault-secrets/src/secretsModels.js.map +1 -1
- package/package.json +5 -5
- package/types/keyvault-secrets.d.ts +6 -1
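--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -644,7 +644,7 @@ class KeyVaultClient extends coreHttpCompat__namespace.ExtendedServiceClient {
 const defaults = {
 requestContentType: "application/json; charset=utf-8"
 };
-const packageDetails = `azsdk-js-keyvault-secrets/4.
+const packageDetails = `azsdk-js-keyvault-secrets/4.6.0`;
 const userAgentPrefix = options.userAgentOptions && options.userAgentOptions.userAgentPrefix
 ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
 : `${packageDetails}`;
@@ -1155,6 +1155,19 @@ function parseWWWAuthenticate(wwwAuthenticate) {
 }
 
 // Copyright (c) Microsoft Corporation.
+function verifyChallengeResource(scope, request) {
+let scopeAsUrl;
+try {
+scopeAsUrl = new URL(scope);
+}
+catch (e) {
+throw new Error(`The challenge contains invalid scope '${scope}'`);
+}
+const requestUrl = new URL(request.url);
+if (!requestUrl.hostname.endsWith(`.${scopeAsUrl.hostname}`)) {
+throw new Error(`The challenge resource '${scopeAsUrl.hostname}' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information.`);
+}
+}
 /**
 * @internal
 *
@@ -1168,14 +1181,15 @@ function parseWWWAuthenticate(wwwAuthenticate) {
 *
 * Following the first request of a client, follow-up requests will get the cached token
 * if possible.
+*
 */
-function createChallengeCallbacks() {
+function createChallengeCallbacks({ disableChallengeResourceVerification, } = {}) {
 let challengeState = { status: "none" };
 function requestToOptions(request) {
 return {
 abortSignal: request.abortSignal,
 requestOptions: {
-timeout: request.timeout
+timeout: request.timeout,
 },
 tracingOptions: request.tracingOptions,
 };
@@ -1223,6 +1237,9 @@ function createChallengeCallbacks() {
 if (!scope) {
 throw new Error("Missing scope.");
 }
+if (!disableChallengeResourceVerification) {
+verifyChallengeResource(scope, request);
+}
 const accessToken = await options.getAccessToken([scope], Object.assign(Object.assign({}, getTokenOptions), { tenantId: parsedChallenge.tenantId }));
 if (!accessToken) {
 return false;
@@ -1410,7 +1427,7 @@ function getSecretFromSecretBundle(bundle) {
 
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-const SDK_VERSION = "4.
+const SDK_VERSION = "4.6.0";
 
 // Copyright (c) Microsoft Corporation.
 const tracingClient = coreTracing.createTracingClient({
@@ -1627,7 +1644,7 @@ class SecretClient {
 *
 * let client = new SecretClient(vaultUrl, credentials);
 * ```
-* @param vaultUrl - The base URL to the vault.
+* @param vaultUrl - The base URL to the vault. You should validate that this URL references a valid Key Vault resource. See https://aka.ms/azsdk/blog/vault-uri for details.
 * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \@azure/identity package to create a credential that suits your needs.
 * @param pipelineOptions - Pipeline options used to configure Key Vault API requests.
 * Omit this parameter to use the default pipeline configuration.
@@ -1637,7 +1654,7 @@ class SecretClient {
 const authPolicy = coreRestPipeline.bearerTokenAuthenticationPolicy({
 credential,
 scopes: [],
-challengeCallbacks: createChallengeCallbacks(),
+challengeCallbacks: createChallengeCallbacks(pipelineOptions),
 });
 const internalPipelineOptions = Object.assign(Object.assign({}, pipelineOptions), { loggingOptions: {
 logger: logger.info,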
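Review bot: In `verifyChallengeResource` (new lines 1158–1170), the suffix test does not reject a challenge scope whose parsed hostname is empty: `new URL(scope)` accepts non-hierarchical values, and the comparison then only asks whether the request host ends with a bare dot. Fail closed by putting `!scopeAsUrl.hostname ||` in front of the `endsWith` test, and consider also requiring `scopeAsUrl.protocol === "https:"`; whether a token would actually be issued for such a scope depends on the credential, which is not visible here. `new URL(request.url)` sits outside the try block, so a malformed request URL surfaces as a raw TypeError rather than the descriptive error used for the scope. Because any truthy `disableChallengeResourceVerification` in the pipeline options skips the check entirely (new lines 1240–1242), a `logger` warning when it is set would make that opt-out visible in operations.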