@cinerino/sdk 14.0.0-alpha.8 → 14.0.0

package/lib/auth/implicitGrantClient.js

@@ -1,100 +1,29 @@
 "use strict";
 /* eslint-disable @typescript-eslint/no-explicit-any */
 /* istanbul ignore file */
-var __extends = (this && this.__extends) || (function () {
-    var extendStatics = function (d, b) {
-        extendStatics = Object.setPrototypeOf ||
-            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
-            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
-        return extendStatics(d, b);
-    };
-    return function (d, b) {
-        if (typeof b !== "function" && b !== null)
-            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
-        extendStatics(d, b);
-        function __() { this.constructor = d; }
-        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
-    };
-})();
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
-    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (g && (g = 0, op[0] && (_ = 0)), _) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ImplicitGrantClient = void 0;
-var debug_1 = __importDefault(require("debug"));
-var idtoken_verifier_1 = __importDefault(require("idtoken-verifier"));
-var qs = __importStar(require("qs"));
-var ErrorFactory = __importStar(require("./implicitGrantClient/error"));
-var popupAuthenticationHandler_1 = __importDefault(require("./implicitGrantClient/popupAuthenticationHandler"));
-var silentAuthenticationHandler_1 = __importDefault(require("./implicitGrantClient/silentAuthenticationHandler"));
-var silentLogoutHandler_1 = __importDefault(require("./implicitGrantClient/silentLogoutHandler"));
-var oAuth2client_1 = __importDefault(require("./oAuth2client"));
-var debug = (0, debug_1.default)('cinerino-sdk:auth:implicitGrantClient');
+const debug_1 = __importDefault(require("debug"));
+const idtoken_verifier_1 = __importDefault(require("idtoken-verifier"));
+const qs_1 = require("qs");
+const error_1 = require("./implicitGrantClient/error");
+const popupAuthenticationHandler_1 = require("./implicitGrantClient/popupAuthenticationHandler");
+const silentAuthenticationHandler_1 = require("./implicitGrantClient/silentAuthenticationHandler");
+const silentLogoutHandler_1 = require("./implicitGrantClient/silentLogoutHandler");
+const oAuth2client_1 = require("./oAuth2client");
+const debug = (0, debug_1.default)('cinerino-sdk:auth:implicitGrantClient');
 /**
  * OAuth2 client using grant type 'implicit grant'
  */
-var ImplicitGrantClient = /** @class */ (function (_super) {
-    __extends(ImplicitGrantClient, _super);
-    function ImplicitGrantClient(options) {
+class ImplicitGrantClient extends oAuth2client_1.OAuth2client {
+    static AUTHORIZE_URL = '/authorize';
+    static LOGOUT_URL = '/logout';
+    options;
+    credentials;
+    constructor(options) {
         // assert.check(
         //     options,
         //     { type: 'object', message: 'options parameter is not valid' },
@@ -108,17 +37,16 @@ var ImplicitGrantClient = /** @class */ (function (_super) {
         //         audience: { optional: true, type: 'string', message: 'audience is not valid' }
         //     }
         // );
-        var _this = _super.call(this, options) || this;
-        _this.options = options;
-        _this.options.responseMode = 'fragment';
-        _this.options.responseType = 'token';
+        super(options);
+        this.options = options;
+        this.options.responseMode = 'fragment';
+        this.options.responseType = 'token';
         // amazon cognitoの認可サーバーはnonce未実装
-        _this.options.nonce = null;
-        debug('options:', _this.options);
-        _this.credentials = {};
-        return _this;
+        this.options.nonce = null;
+        debug('options:', this.options);
+        this.credentials = {};
     }
-    ImplicitGrantClient.BUILD_PASRSE_HASH_RESPONS = function (qsParams, __, idTokenPayload) {
+    static BUILD_PASRSE_HASH_RESPONS(qsParams, __, idTokenPayload) {
         return {
             accessToken: qsParams.access_token,
             idToken: qsParams.id_token,
@@ -128,223 +56,147 @@ var ImplicitGrantClient = /** @class */ (function (_super) {
             expiresIn: qsParams.expires_in ? parseInt(qsParams.expires_in, 10) : undefined,
             tokenType: qsParams.token_type
         };
-    };
-    ImplicitGrantClient.prototype.isSignedIn = function () {
-        return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                return [2 /*return*/, this.refreshToken()
-                        .then(function (result) { return result; })
-                        .catch(function () { return null; })];
-            });
-        });
-    };
-    ImplicitGrantClient.prototype.getAccessToken = function () {
-        return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0:
-                        if (!(this.credentials.accessToken === undefined)) return [3 /*break*/, 2];
-                        if (!(typeof this.credentials.refreshToken === 'string' && this.credentials.refreshToken.length > 0)) return [3 /*break*/, 2];
-                        return [4 /*yield*/, this.refreshAccessToken()];
-                    case 1:
-                        _a.sent();
-                        _a.label = 2;
-                    case 2: return [2 /*return*/, this.credentials.accessToken];
-                }
-            });
-        });
-    };
-    ImplicitGrantClient.prototype.refreshAccessToken = function () {
-        return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                if (this.credentials.refreshToken === undefined) {
-                    throw new Error('not authorized yet');
-                }
-                return [2 /*return*/, this.refreshToken()];
-            });
-        });
-    };
+    }
+    async isSignedIn() {
+        return this.refreshToken()
+            .then((result) => result)
+            .catch(() => null);
+    }
+    async getAccessToken() {
+        // todo check if expired
+        if (this.credentials.accessToken === undefined) {
+            // refreshTokenが存在すればrefreshAccessToken
+            /* istanbul ignore else */
+            if (typeof this.credentials.refreshToken === 'string' && this.credentials.refreshToken.length > 0) {
+                await this.refreshAccessToken();
+            }
+        }
+        return this.credentials.accessToken;
+    }
+    async refreshAccessToken() {
+        if (this.credentials.refreshToken === undefined) {
+            throw new Error('not authorized yet');
+        }
+        return this.refreshToken();
+    }
     /**
      * Executes a silent authentication transaction under the hood in order to fetch a new tokens for the current session.
      */
-    ImplicitGrantClient.prototype.refreshToken = function () {
-        return __awaiter(this, void 0, void 0, function () {
-            var usePostMessage, params, handler, hash;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0:
-                        usePostMessage = false;
-                        params = {
-                            clientId: this.options.clientId,
-                            responseType: this.options.responseType,
-                            responseMode: this.options.responseMode,
-                            prompt: 'none',
-                            redirectUri: this.options.redirectUri,
-                            scope: this.options.scope,
-                            state: this.options.state,
-                            nonce: this.options.nonce
-                        };
-                        handler = silentAuthenticationHandler_1.default.CREATE({
-                            authenticationUrl: this.buildAuthorizeUrl(params)
-                        });
-                        return [4 /*yield*/, handler.login(usePostMessage)];
-                    case 1:
-                        hash = _a.sent();
-                        return [2 /*return*/, this.onLogin(hash)];
-                }
-            });
+    async refreshToken() {
+        const usePostMessage = false;
+        const params = {
+            clientId: this.options.clientId,
+            responseType: this.options.responseType,
+            responseMode: this.options.responseMode,
+            prompt: 'none',
+            redirectUri: this.options.redirectUri,
+            scope: this.options.scope,
+            state: this.options.state,
+            nonce: this.options.nonce
+        };
+        const handler = silentAuthenticationHandler_1.SilentAuthenticationHandler.CREATE({
+            authenticationUrl: this.buildAuthorizeUrl(params)
         });
-    };
+        const hash = await handler.login(usePostMessage);
+        return this.onLogin(hash);
+    }
     /**
      * Redirects to the hosted login page (`/authorize`) in order to start a new authN/authZ transaction.
      */
-    ImplicitGrantClient.prototype.signIn = function () {
-        return __awaiter(this, void 0, void 0, function () {
-            var usePostMessage, params, handler, hash;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0:
-                        usePostMessage = true;
-                        params = {
-                            clientId: this.options.clientId,
-                            responseType: this.options.responseType,
-                            responseMode: this.options.responseMode,
-                            prompt: '',
-                            redirectUri: this.options.redirectUri,
-                            scope: this.options.scope,
-                            state: this.options.state,
-                            nonce: this.options.nonce
-                        };
-                        handler = popupAuthenticationHandler_1.default.CREATE({
-                            authenticationUrl: this.buildAuthorizeUrl(params)
-                        });
-                        return [4 /*yield*/, handler.login(usePostMessage)];
-                    case 1:
-                        hash = _a.sent();
-                        return [2 /*return*/, this.onLogin(hash)];
-                }
-            });
+    async signIn() {
+        const usePostMessage = true;
+        const params = {
+            clientId: this.options.clientId,
+            responseType: this.options.responseType,
+            responseMode: this.options.responseMode,
+            prompt: '',
+            redirectUri: this.options.redirectUri,
+            scope: this.options.scope,
+            state: this.options.state,
+            nonce: this.options.nonce
+        };
+        const handler = popupAuthenticationHandler_1.PopupAuthenticationHandler.CREATE({
+            authenticationUrl: this.buildAuthorizeUrl(params)
         });
-    };
+        // 認可画面を新規タブで開く
+        const hash = await handler.login(usePostMessage);
+        return this.onLogin(hash);
+    }
     /**
      * Redirects to the auth0 logout endpoint
      */
-    ImplicitGrantClient.prototype.signOut = function () {
-        return __awaiter(this, void 0, void 0, function () {
-            var usePostMessage, handler;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0:
-                        usePostMessage = false;
-                        handler = silentLogoutHandler_1.default.CREATE({
-                            logoutUrl: this.buildLogoutUrl({
-                                clientId: this.options.clientId,
-                                logoutUri: this.options.logoutUri
-                            })
-                        });
-                        return [4 /*yield*/, handler.logout(usePostMessage)];
-                    case 1:
-                        _a.sent();
-                        return [2 /*return*/];
-                }
-            });
-        });
-    };
-    ImplicitGrantClient.prototype.onLogin = function (hash) {
-        return __awaiter(this, void 0, void 0, function () {
-            var _a, _b;
-            return __generator(this, function (_c) {
-                switch (_c.label) {
-                    case 0:
-                        debug('onLogin');
-                        // hash was already parsed, so we just return it.
-                        _a = this;
-                        if (!(typeof hash === 'object')) return [3 /*break*/, 1];
-                        _b = hash;
-                        return [3 /*break*/, 3];
-                    case 1: return [4 /*yield*/, this.parseHash(hash)];
-                    case 2:
-                        _b = _c.sent();
-                        _c.label = 3;
-                    case 3:
-                        // hash was already parsed, so we just return it.
-                        _a.credentials = _b;
-                        debug('credentials:', this.credentials);
-                        return [2 /*return*/, this.credentials];
-                }
-            });
+    async signOut() {
+        const usePostMessage = false;
+        const handler = silentLogoutHandler_1.SilentLogoutHandler.CREATE({
+            logoutUrl: this.buildLogoutUrl({
+                clientId: this.options.clientId,
+                logoutUri: this.options.logoutUri
+            })
         });
-    };
-    ImplicitGrantClient.prototype.parseHash = function (hash) {
-        return __awaiter(this, void 0, void 0, function () {
-            var hashStr, parsedQs, err, payload, verifier, decodedToken;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0:
-                        hashStr = hash === undefined ? window.location.hash : hash;
-                        hashStr = hashStr.replace(/^#?\/?/, '');
-                        parsedQs = qs.parse(hashStr);
-                        // if authorization falied
-                        if (Object.prototype.hasOwnProperty.call(parsedQs, 'error')) {
-                            err = new ErrorFactory.AuthorizeError(parsedQs.error_description);
-                            err.error = parsedQs.error;
-                            err.errorDescription = parsedQs.error_description;
-                            err.state = parsedQs.state;
-                            throw err;
-                        }
-                        if (!Object.prototype.hasOwnProperty.call(parsedQs, 'access_token') &&
-                            !Object.prototype.hasOwnProperty.call(parsedQs, 'id_token') &&
-                            !Object.prototype.hasOwnProperty.call(parsedQs, 'refresh_token')) {
-                            throw new Error('invalid hash');
-                        }
-                        if (!(typeof parsedQs.id_token === 'string')) return [3 /*break*/, 2];
-                        return [4 /*yield*/, this.validateToken(parsedQs.id_token, this.options.nonce)];
-                    case 1:
-                        payload = _a.sent();
-                        return [2 /*return*/, ImplicitGrantClient.BUILD_PASRSE_HASH_RESPONS(parsedQs, '', payload)];
-                    case 2:
-                        if (typeof parsedQs.id_token === 'string') {
-                            verifier = new idtoken_verifier_1.default({
-                                issuer: this.options.tokenIssuer,
-                                audience: this.options.clientId
-                            });
-                            decodedToken = verifier.decode(parsedQs.id_token);
-                            return [2 /*return*/, ImplicitGrantClient.BUILD_PASRSE_HASH_RESPONS(parsedQs, '', decodedToken.payload)];
-                        }
-                        else {
-                            return [2 /*return*/, ImplicitGrantClient.BUILD_PASRSE_HASH_RESPONS(parsedQs, '', null)];
-                        }
-                        return [2 /*return*/];
-                }
+        await handler.logout(usePostMessage);
+    }
+    async onLogin(hash) {
+        debug('onLogin');
+        // hash was already parsed, so we just return it.
+        this.credentials = (typeof hash === 'object') ? hash : await this.parseHash(hash);
+        debug('credentials:', this.credentials);
+        return this.credentials;
+    }
+    async parseHash(hash) {
+        let hashStr = hash === undefined ? window.location.hash : hash;
+        hashStr = hashStr.replace(/^#?\/?/, '');
+        const parsedQs = (0, qs_1.parse)(hashStr);
+        // if authorization falied
+        if (Object.prototype.hasOwnProperty.call(parsedQs, 'error')) {
+            const err = new error_1.AuthorizeError(parsedQs.error_description);
+            err.error = parsedQs.error;
+            err.errorDescription = parsedQs.error_description;
+            err.state = parsedQs.state;
+            throw err;
+        }
+        if (!Object.prototype.hasOwnProperty.call(parsedQs, 'access_token') &&
+            !Object.prototype.hasOwnProperty.call(parsedQs, 'id_token') &&
+            !Object.prototype.hasOwnProperty.call(parsedQs, 'refresh_token')) {
+            throw new Error('invalid hash');
+        }
+        // id_tokenを検証する
+        if (typeof parsedQs.id_token === 'string') {
+            const payload = await this.validateToken(parsedQs.id_token, this.options.nonce);
+            return ImplicitGrantClient.BUILD_PASRSE_HASH_RESPONS(parsedQs, '', payload);
+        }
+        if (typeof parsedQs.id_token === 'string') {
+            const verifier = new idtoken_verifier_1.default({
+                issuer: this.options.tokenIssuer,
+                audience: this.options.clientId
             });
-        });
-    };
+            const decodedToken = verifier.decode(parsedQs.id_token);
+            return ImplicitGrantClient.BUILD_PASRSE_HASH_RESPONS(parsedQs, '', decodedToken.payload);
+        }
+        else {
+            return ImplicitGrantClient.BUILD_PASRSE_HASH_RESPONS(parsedQs, '', null);
+        }
+    }
     /**
      * Decodes the a JWT and verifies its nonce value
      */
-    ImplicitGrantClient.prototype.validateToken = function (token, nonce) {
-        return __awaiter(this, void 0, void 0, function () {
-            var _this = this;
-            return __generator(this, function (_a) {
-                return [2 /*return*/, new Promise(function (resolve, reject) {
-                        var verifier = new idtoken_verifier_1.default({
-                            issuer: _this.options.tokenIssuer,
-                            audience: _this.options.clientId
-                        });
-                        verifier.verify(token, nonce, function (err, payload) {
-                            debug('id_token verified', err, payload);
-                            if (err !== null) {
-                                reject(err);
-                                return;
-                            }
-                            resolve(payload);
-                        });
-                    })];
+    async validateToken(token, nonce) {
+        return new Promise((resolve, reject) => {
+            const verifier = new idtoken_verifier_1.default({
+                issuer: this.options.tokenIssuer,
+                audience: this.options.clientId
+            });
+            verifier.verify(token, nonce, (err, payload) => {
+                debug('id_token verified', err, payload);
+                if (err !== null) {
+                    reject(err);
+                    return;
+                }
+                resolve(payload);
             });
         });
-    };
-    ImplicitGrantClient.prototype.buildAuthorizeUrl = function (options) {
-        var qString = qs.stringify({
+    }
+    buildAuthorizeUrl(options) {
+        const qString = (0, qs_1.stringify)({
             client_id: options.clientId,
             response_type: options.responseType,
             redirect_uri: options.redirectUri,
@@ -354,22 +206,19 @@ var ImplicitGrantClient = /** @class */ (function (_super) {
             nonce: options.nonce,
             prompt: options.prompt
         });
-        return "https://".concat(this.options.domain).concat(ImplicitGrantClient.AUTHORIZE_URL, "?").concat(qString);
-    };
+        return `https://${this.options.domain}${ImplicitGrantClient.AUTHORIZE_URL}?${qString}`;
+    }
     /**
      * Builds and returns the Logout url in order to initialize a new authN/authZ transaction
      * If you want to navigate the user to a specific URL after the logout,
      * set that URL at the returnTo parameter. The URL should be included in any the appropriate Allowed Logout URLs list:
      */
-    ImplicitGrantClient.prototype.buildLogoutUrl = function (options) {
-        var qString = qs.stringify({
+    buildLogoutUrl(options) {
+        const qString = (0, qs_1.stringify)({
             client_id: options.clientId,
             logout_uri: options.logoutUri
         });
-        return "https://".concat(this.options.domain).concat(ImplicitGrantClient.LOGOUT_URL, "?").concat(qString);
-    };
-    ImplicitGrantClient.AUTHORIZE_URL = '/authorize';
-    ImplicitGrantClient.LOGOUT_URL = '/logout';
-    return ImplicitGrantClient;
-}(oAuth2client_1.default));
+        return `https://${this.options.domain}${ImplicitGrantClient.LOGOUT_URL}?${qString}`;
+    }
+}
 exports.ImplicitGrantClient = ImplicitGrantClient;

package/lib/auth/loginTicket.js

@@ -5,23 +5,24 @@ exports.LoginTicket = void 0;
  * APIログインチケット
  * id tokenからユーザーネームを取り出すためのシンプルなクラス
  */
-var LoginTicket = /** @class */ (function () {
+class LoginTicket {
+    envelope;
+    payload;
     /**
      * constructor
      */
-    function LoginTicket(params) {
+    constructor(params) {
         this.envelope = params.envelope;
         this.payload = params.payload;
     }
     /**
      * ユーザーネームを取り出す
      */
-    LoginTicket.prototype.getUsername = function () {
+    getUsername() {
         if (this.payload !== undefined) {
             return this.payload['cognito:username'];
         }
         return;
-    };
-    return LoginTicket;
-}());
+    }
+}
 exports.LoginTicket = LoginTicket;

package/lib/auth/oAuth2client.d.ts

@@ -37,7 +37,7 @@ export interface IVerifyIdTokenOptions {
 /**
  * OAuth2 client
  */
-export default class OAuth2client implements AuthClient {
+export declare class OAuth2client implements AuthClient {
     /**
      * The base URL for auth endpoints.
      */
@@ -61,7 +61,7 @@ export default class OAuth2client implements AuthClient {
     private readonly events;
     constructor(options: IOptions);
     static BASE64URLENCODE(str: Buffer): string;
-    static SHA256(buffer: string): Buffer;
+    static SHA256(buffer: string): NonSharedBuffer;
     /**
      * Generates URL for consent page landing.
      */