@esri/solutions-components 0.2.0 → 0.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (34) hide show
  1. package/dist/cjs/calcite-shell-panel_14.cjs.entry.js +1 -1
  2. package/dist/cjs/solution-configuration.cjs.entry.js +1086 -2
  3. package/dist/cjs/solution-configuration.cjs.entry.js.map +1 -1
  4. package/dist/cjs/solution-contents_3.cjs.entry.js +1 -1
  5. package/dist/cjs/{solution-store-f0547fe7.js → solution-store-e2fc11ac.js} +6 -1
  6. package/dist/cjs/solution-store-e2fc11ac.js.map +1 -0
  7. package/dist/collection/components/solution-configuration/solution-configuration.js +5 -9
  8. package/dist/collection/components/solution-configuration/solution-configuration.js.map +1 -1
  9. package/dist/components/solution-configuration.js +1086 -2
  10. package/dist/components/solution-configuration.js.map +1 -1
  11. package/dist/components/solution-store.js +1 -1
  12. package/dist/components/solution-store.js.map +1 -1
  13. package/dist/esm/calcite-shell-panel_14.entry.js +1 -1
  14. package/dist/esm/solution-configuration.entry.js +1086 -2
  15. package/dist/esm/solution-configuration.entry.js.map +1 -1
  16. package/dist/esm/solution-contents_3.entry.js +1 -1
  17. package/dist/esm/{solution-store-c1f6173a.js → solution-store-b3c65467.js} +2 -2
  18. package/dist/esm/solution-store-b3c65467.js.map +1 -0
  19. package/dist/solutions-components/{p-0e7a0839.entry.js → p-542189bc.entry.js} +2 -2
  20. package/dist/solutions-components/{p-0e7a0839.entry.js.map → p-542189bc.entry.js.map} +0 -0
  21. package/dist/solutions-components/{p-ee9be0ef.entry.js → p-638738f2.entry.js} +2 -2
  22. package/dist/solutions-components/{p-ee9be0ef.entry.js.map → p-638738f2.entry.js.map} +0 -0
  23. package/dist/solutions-components/p-7e8985f2.entry.js +1979 -0
  24. package/dist/solutions-components/p-7e8985f2.entry.js.map +1 -0
  25. package/dist/solutions-components/{p-065830b8.js → p-b25f6ebe.js} +2 -2
  26. package/dist/solutions-components/p-b25f6ebe.js.map +1 -0
  27. package/dist/solutions-components/solutions-components.esm.js +1 -1
  28. package/dist/solutions-components_commit.txt +5 -6
  29. package/package.json +1 -1
  30. package/dist/cjs/solution-store-f0547fe7.js.map +0 -1
  31. package/dist/esm/solution-store-c1f6173a.js.map +0 -1
  32. package/dist/solutions-components/p-065830b8.js.map +0 -1
  33. package/dist/solutions-components/p-401541a5.entry.js +0 -895
  34. package/dist/solutions-components/p-401541a5.entry.js.map +0 -1
package/dist/components/solution-configuration.js CHANGED
@@ -4,7 +4,7 @@
4
4
  * http://www.apache.org/licenses/LICENSE-2.0
5
5
  */
6
6
  import { proxyCustomElement, HTMLElement, h, Host } from '@stencil/core/internal/client';
7
- import { g as getProp, s as state } from './solution-store.js';
7
+ import { r as request, N as NODEJS_DEFAULT_REFERER_HEADER, c as cleanUrl, e as encodeQueryString, A as ArcGISAuthError, g as getProp, s as state } from './solution-store.js';
8
8
  import { g as getLocaleComponentStrings } from './locale.js';
9
9
  import { d as defineCustomElement$B } from './action.js';
10
10
  import { d as defineCustomElement$A } from './action-group.js';
@@ -385,6 +385,1090 @@ function _getTopLevelItemIds(templates) {
385
385
  return topLevelItemCandidateIds;
386
386
  }
387
387
 
388
+ /* Copyright (c) 2017-2020 Environmental Systems Research Institute, Inc.
389
+ * Apache-2.0 */
390
+ function decodeParam(param) {
391
+ var _a = param.split("="), key = _a[0], value = _a[1];
392
+ return { key: decodeURIComponent(key), value: decodeURIComponent(value) };
393
+ }
394
+ /**
395
+ * Decodes the passed query string as an object.
396
+ *
397
+ * @param query A string to be decoded.
398
+ * @returns A decoded query param object.
399
+ */
400
+ function decodeQueryString(query) {
401
+ return query
402
+ .replace(/^#/, "")
403
+ .split("&")
404
+ .reduce(function (acc, entry) {
405
+ var _a = decodeParam(entry), key = _a.key, value = _a.value;
406
+ acc[key] = value;
407
+ return acc;
408
+ }, {});
409
+ }
410
+
411
+ /*! *****************************************************************************
412
+ Copyright (c) Microsoft Corporation.
413
+
414
+ Permission to use, copy, modify, and/or distribute this software for any
415
+ purpose with or without fee is hereby granted.
416
+
417
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
418
+ REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
419
+ AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
420
+ INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
421
+ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
422
+ OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
423
+ PERFORMANCE OF THIS SOFTWARE.
424
+ ***************************************************************************** */
425
+
426
+ var __assign = function() {
427
+ __assign = Object.assign || function __assign(t) {
428
+ for (var s, i = 1, n = arguments.length; i < n; i++) {
429
+ s = arguments[i];
430
+ for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p];
431
+ }
432
+ return t;
433
+ };
434
+ return __assign.apply(this, arguments);
435
+ };
436
+
437
+ /* Copyright (c) 2017 Environmental Systems Research Institute, Inc.
438
+ * Apache-2.0 */
439
+ function fetchToken(url, requestOptions) {
440
+ var options = requestOptions;
441
+ // we generate a response, so we can't return the raw response
442
+ options.rawResponse = false;
443
+ return request(url, options).then(function (response) {
444
+ var r = {
445
+ token: response.access_token,
446
+ username: response.username,
447
+ expires: new Date(
448
+ // convert seconds in response to milliseconds and add the value to the current time to calculate a static expiration timestamp
449
+ Date.now() + (response.expires_in * 1000 - 1000)),
450
+ ssl: response.ssl === true
451
+ };
452
+ if (response.refresh_token) {
453
+ r.refreshToken = response.refresh_token;
454
+ }
455
+ return r;
456
+ });
457
+ }
458
+
459
+ /* Copyright (c) 2017-2018 Environmental Systems Research Institute, Inc.
460
+ * Apache-2.0 */
461
+ function generateToken(url, requestOptions) {
462
+ var options = requestOptions;
463
+ /* istanbul ignore else */
464
+ if (typeof window !== "undefined" &&
465
+ window.location &&
466
+ window.location.host) {
467
+ options.params.referer = window.location.host;
468
+ }
469
+ else {
470
+ options.params.referer = NODEJS_DEFAULT_REFERER_HEADER;
471
+ }
472
+ return request(url, options);
473
+ }
474
+
475
+ /**
476
+ * Used to test if a URL is an ArcGIS Online URL
477
+ */
478
+ var arcgisOnlineUrlRegex = /^https?:\/\/(\S+)\.arcgis\.com.+/;
479
+ function isOnline(url) {
480
+ return arcgisOnlineUrlRegex.test(url);
481
+ }
482
+ function normalizeOnlinePortalUrl(portalUrl) {
483
+ if (!arcgisOnlineUrlRegex.test(portalUrl)) {
484
+ return portalUrl;
485
+ }
486
+ switch (getOnlineEnvironment(portalUrl)) {
487
+ case "dev":
488
+ return "https://devext.arcgis.com/sharing/rest";
489
+ case "qa":
490
+ return "https://qaext.arcgis.com/sharing/rest";
491
+ default:
492
+ return "https://www.arcgis.com/sharing/rest";
493
+ }
494
+ }
495
+ function getOnlineEnvironment(url) {
496
+ if (!arcgisOnlineUrlRegex.test(url)) {
497
+ return null;
498
+ }
499
+ var match = url.match(arcgisOnlineUrlRegex);
500
+ var subdomain = match[1].split(".").pop();
501
+ if (subdomain.includes("dev")) {
502
+ return "dev";
503
+ }
504
+ if (subdomain.includes("qa")) {
505
+ return "qa";
506
+ }
507
+ return "production";
508
+ }
509
+ function isFederated(owningSystemUrl, portalUrl) {
510
+ var normalizedPortalUrl = cleanUrl(normalizeOnlinePortalUrl(portalUrl)).replace(/https?:\/\//, "");
511
+ var normalizedOwningSystemUrl = cleanUrl(owningSystemUrl).replace(/https?:\/\//, "");
512
+ return new RegExp(normalizedOwningSystemUrl, "i").test(normalizedPortalUrl);
513
+ }
514
+ function canUseOnlineToken(portalUrl, requestUrl) {
515
+ var portalIsOnline = isOnline(portalUrl);
516
+ var requestIsOnline = isOnline(requestUrl);
517
+ var portalEnv = getOnlineEnvironment(portalUrl);
518
+ var requestEnv = getOnlineEnvironment(requestUrl);
519
+ if (portalIsOnline && requestIsOnline && portalEnv === requestEnv) {
520
+ return true;
521
+ }
522
+ return false;
523
+ }
524
+
525
+ /* Copyright (c) 2018-2020 Environmental Systems Research Institute, Inc.
526
+ * Apache-2.0 */
527
+ /**
528
+ * Validates that the user has access to the application
529
+ * and if they user should be presented a "View Only" mode
530
+ *
531
+ * This is only needed/valid for Esri applications that are "licensed"
532
+ * and shipped in ArcGIS Online or ArcGIS Enterprise. Most custom applications
533
+ * should not need or use this.
534
+ *
535
+ * ```js
536
+ * import { validateAppAccess } from '@esri/arcgis-rest-auth';
537
+ *
538
+ * return validateAppAccess('your-token', 'theClientId')
539
+ * .then((result) => {
540
+ * if (!result.value) {
541
+ * // redirect or show some other ui
542
+ * } else {
543
+ * if (result.viewOnlyUserTypeApp) {
544
+ * // use this to inform your app to show a "View Only" mode
545
+ * }
546
+ * }
547
+ * })
548
+ * .catch((err) => {
549
+ * // two possible errors
550
+ * // invalid clientId: {"error":{"code":400,"messageCode":"GWM_0007","message":"Invalid request","details":[]}}
551
+ * // invalid token: {"error":{"code":498,"message":"Invalid token.","details":[]}}
552
+ * })
553
+ * ```
554
+ *
555
+ * Note: This is only usable by Esri applications hosted on *arcgis.com, *esri.com or within
556
+ * an ArcGIS Enterprise installation. Custom applications can not use this.
557
+ *
558
+ * @param token platform token
559
+ * @param clientId application client id
560
+ * @param portal Optional
561
+ */
562
+ function validateAppAccess(token, clientId, portal) {
563
+ if (portal === void 0) { portal = "https://www.arcgis.com/sharing/rest"; }
564
+ var url = portal + "/oauth2/validateAppAccess";
565
+ var ro = {
566
+ method: "POST",
567
+ params: {
568
+ f: "json",
569
+ client_id: clientId,
570
+ token: token,
571
+ },
572
+ };
573
+ return request(url, ro);
574
+ }
575
+
576
+ /* Copyright (c) 2017-2019 Environmental Systems Research Institute, Inc.
577
+ * Apache-2.0 */
578
+ function defer() {
579
+ var deferred = {
580
+ promise: null,
581
+ resolve: null,
582
+ reject: null,
583
+ };
584
+ deferred.promise = new Promise(function (resolve, reject) {
585
+ deferred.resolve = resolve;
586
+ deferred.reject = reject;
587
+ });
588
+ return deferred;
589
+ }
590
+ /**
591
+ * ```js
592
+ * import { UserSession } from '@esri/arcgis-rest-auth';
593
+ * UserSession.beginOAuth2({
594
+ * // register an app of your own to create a unique clientId
595
+ * clientId: "abc123",
596
+ * redirectUri: 'https://yourapp.com/authenticate.html'
597
+ * })
598
+ * .then(session)
599
+ * // or
600
+ * new UserSession({
601
+ * username: "jsmith",
602
+ * password: "123456"
603
+ * })
604
+ * // or
605
+ * UserSession.deserialize(cache)
606
+ * ```
607
+ * Used to authenticate both ArcGIS Online and ArcGIS Enterprise users. `UserSession` includes helper methods for [OAuth 2.0](/arcgis-rest-js/guides/browser-authentication/) in both browser and server applications.
608
+ */
609
+ var UserSession = /** @class */ (function () {
610
+ function UserSession(options) {
611
+ this.clientId = options.clientId;
612
+ this._refreshToken = options.refreshToken;
613
+ this._refreshTokenExpires = options.refreshTokenExpires;
614
+ this.username = options.username;
615
+ this.password = options.password;
616
+ this._token = options.token;
617
+ this._tokenExpires = options.tokenExpires;
618
+ this.portal = options.portal
619
+ ? cleanUrl(options.portal)
620
+ : "https://www.arcgis.com/sharing/rest";
621
+ this.ssl = options.ssl;
622
+ this.provider = options.provider || "arcgis";
623
+ this.tokenDuration = options.tokenDuration || 20160;
624
+ this.redirectUri = options.redirectUri;
625
+ this.refreshTokenTTL = options.refreshTokenTTL || 20160;
626
+ this.server = options.server;
627
+ this.federatedServers = {};
628
+ this.trustedDomains = [];
629
+ // if a non-federated server was passed explicitly, it should be trusted.
630
+ if (options.server) {
631
+ // if the url includes more than '/arcgis/', trim the rest
632
+ var root = this.getServerRootUrl(options.server);
633
+ this.federatedServers[root] = {
634
+ token: options.token,
635
+ expires: options.tokenExpires,
636
+ };
637
+ }
638
+ this._pendingTokenRequests = {};
639
+ }
640
+ Object.defineProperty(UserSession.prototype, "token", {
641
+ /**
642
+ * The current ArcGIS Online or ArcGIS Enterprise `token`.
643
+ */
644
+ get: function () {
645
+ return this._token;
646
+ },
647
+ enumerable: false,
648
+ configurable: true
649
+ });
650
+ Object.defineProperty(UserSession.prototype, "tokenExpires", {
651
+ /**
652
+ * The expiration time of the current `token`.
653
+ */
654
+ get: function () {
655
+ return this._tokenExpires;
656
+ },
657
+ enumerable: false,
658
+ configurable: true
659
+ });
660
+ Object.defineProperty(UserSession.prototype, "refreshToken", {
661
+ /**
662
+ * The current token to ArcGIS Online or ArcGIS Enterprise.
663
+ */
664
+ get: function () {
665
+ return this._refreshToken;
666
+ },
667
+ enumerable: false,
668
+ configurable: true
669
+ });
670
+ Object.defineProperty(UserSession.prototype, "refreshTokenExpires", {
671
+ /**
672
+ * The expiration time of the current `refreshToken`.
673
+ */
674
+ get: function () {
675
+ return this._refreshTokenExpires;
676
+ },
677
+ enumerable: false,
678
+ configurable: true
679
+ });
680
+ Object.defineProperty(UserSession.prototype, "trustedServers", {
681
+ /**
682
+ * Deprecated, use `federatedServers` instead.
683
+ *
684
+ * @deprecated
685
+ */
686
+ get: function () {
687
+ console.log("DEPRECATED: use federatedServers instead");
688
+ return this.federatedServers;
689
+ },
690
+ enumerable: false,
691
+ configurable: true
692
+ });
693
+ /**
694
+ * Begins a new browser-based OAuth 2.0 sign in. If `options.popup` is `true` the
695
+ * authentication window will open in a new tab/window and the function will return
696
+ * Promise&lt;UserSession&gt;. Otherwise, the user will be redirected to the
697
+ * authorization page in their current tab/window and the function will return `undefined`.
698
+ *
699
+ * @browserOnly
700
+ */
701
+ /* istanbul ignore next */
702
+ UserSession.beginOAuth2 = function (options, win) {
703
+ if (win === void 0) { win = window; }
704
+ if (options.duration) {
705
+ console.log("DEPRECATED: 'duration' is deprecated - use 'expiration' instead");
706
+ }
707
+ var _a = __assign({
708
+ portal: "https://www.arcgis.com/sharing/rest",
709
+ provider: "arcgis",
710
+ expiration: 20160,
711
+ popup: true,
712
+ popupWindowFeatures: "height=400,width=600,menubar=no,location=yes,resizable=yes,scrollbars=yes,status=yes",
713
+ state: options.clientId,
714
+ locale: "",
715
+ }, options), portal = _a.portal, provider = _a.provider, clientId = _a.clientId, expiration = _a.expiration, redirectUri = _a.redirectUri, popup = _a.popup, popupWindowFeatures = _a.popupWindowFeatures, state = _a.state, locale = _a.locale, params = _a.params;
716
+ var url;
717
+ if (provider === "arcgis") {
718
+ url = portal + "/oauth2/authorize?client_id=" + clientId + "&response_type=token&expiration=" + (options.duration || expiration) + "&redirect_uri=" + encodeURIComponent(redirectUri) + "&state=" + state + "&locale=" + locale;
719
+ }
720
+ else {
721
+ url = portal + "/oauth2/social/authorize?client_id=" + clientId + "&socialLoginProviderName=" + provider + "&autoAccountCreateForSocial=true&response_type=token&expiration=" + (options.duration || expiration) + "&redirect_uri=" + encodeURIComponent(redirectUri) + "&state=" + state + "&locale=" + locale;
722
+ }
723
+ // append additional params
724
+ if (params) {
725
+ url = url + "&" + encodeQueryString(params);
726
+ }
727
+ if (!popup) {
728
+ win.location.href = url;
729
+ return undefined;
730
+ }
731
+ var session = defer();
732
+ win["__ESRI_REST_AUTH_HANDLER_" + clientId] = function (errorString, oauthInfoString) {
733
+ if (errorString) {
734
+ var error = JSON.parse(errorString);
735
+ session.reject(new ArcGISAuthError(error.errorMessage, error.error));
736
+ return;
737
+ }
738
+ if (oauthInfoString) {
739
+ var oauthInfo = JSON.parse(oauthInfoString);
740
+ session.resolve(new UserSession({
741
+ clientId: clientId,
742
+ portal: portal,
743
+ ssl: oauthInfo.ssl,
744
+ token: oauthInfo.token,
745
+ tokenExpires: new Date(oauthInfo.expires),
746
+ username: oauthInfo.username,
747
+ }));
748
+ }
749
+ };
750
+ win.open(url, "oauth-window", popupWindowFeatures);
751
+ return session.promise;
752
+ };
753
+ /**
754
+ * Completes a browser-based OAuth 2.0 sign in. If `options.popup` is `true` the user
755
+ * will be returned to the previous window. Otherwise a new `UserSession`
756
+ * will be returned. You must pass the same values for `options.popup` and
757
+ * `options.portal` as you used in `beginOAuth2()`.
758
+ *
759
+ * @browserOnly
760
+ */
761
+ /* istanbul ignore next */
762
+ UserSession.completeOAuth2 = function (options, win) {
763
+ if (win === void 0) { win = window; }
764
+ var _a = __assign({ portal: "https://www.arcgis.com/sharing/rest", popup: true }, options), portal = _a.portal, clientId = _a.clientId, popup = _a.popup;
765
+ function completeSignIn(error, oauthInfo) {
766
+ try {
767
+ var handlerFn = void 0;
768
+ var handlerFnName = "__ESRI_REST_AUTH_HANDLER_" + clientId;
769
+ if (popup) {
770
+ // Guard b/c IE does not support window.opener
771
+ if (win.opener) {
772
+ if (win.opener.parent && win.opener.parent[handlerFnName]) {
773
+ handlerFn = win.opener.parent[handlerFnName];
774
+ }
775
+ else if (win.opener && win.opener[handlerFnName]) {
776
+ // support pop-out oauth from within an iframe
777
+ handlerFn = win.opener[handlerFnName];
778
+ }
779
+ }
780
+ else {
781
+ // IE
782
+ if (win !== win.parent && win.parent && win.parent[handlerFnName]) {
783
+ handlerFn = win.parent[handlerFnName];
784
+ }
785
+ }
786
+ // if we have a handler fn, call it and close the window
787
+ if (handlerFn) {
788
+ handlerFn(error ? JSON.stringify(error) : undefined, JSON.stringify(oauthInfo));
789
+ win.close();
790
+ return undefined;
791
+ }
792
+ }
793
+ }
794
+ catch (e) {
795
+ throw new ArcGISAuthError("Unable to complete authentication. It's possible you specified popup based oAuth2 but no handler from \"beginOAuth2()\" present. This generally happens because the \"popup\" option differs between \"beginOAuth2()\" and \"completeOAuth2()\".");
796
+ }
797
+ if (error) {
798
+ throw new ArcGISAuthError(error.errorMessage, error.error);
799
+ }
800
+ return new UserSession({
801
+ clientId: clientId,
802
+ portal: portal,
803
+ ssl: oauthInfo.ssl,
804
+ token: oauthInfo.token,
805
+ tokenExpires: oauthInfo.expires,
806
+ username: oauthInfo.username,
807
+ });
808
+ }
809
+ var params = decodeQueryString(win.location.hash);
810
+ if (!params.access_token) {
811
+ var error = void 0;
812
+ var errorMessage = "Unknown error";
813
+ if (params.error) {
814
+ error = params.error;
815
+ errorMessage = params.error_description;
816
+ }
817
+ return completeSignIn({ error: error, errorMessage: errorMessage });
818
+ }
819
+ var token = params.access_token;
820
+ var expires = new Date(Date.now() + parseInt(params.expires_in, 10) * 1000 - 60 * 1000);
821
+ var username = params.username;
822
+ var ssl = params.ssl === "true";
823
+ return completeSignIn(undefined, {
824
+ token: token,
825
+ expires: expires,
826
+ ssl: ssl,
827
+ username: username,
828
+ });
829
+ };
830
+ /**
831
+ * Request session information from the parent application
832
+ *
833
+ * When an application is embedded into another application via an IFrame, the embedded app can
834
+ * use `window.postMessage` to request credentials from the host application. This function wraps
835
+ * that behavior.
836
+ *
837
+ * The ArcGIS API for Javascript has this built into the Identity Manager as of the 4.19 release.
838
+ *
839
+ * Note: The parent application will not respond if the embedded app's origin is not:
840
+ * - the same origin as the parent or *.arcgis.com (JSAPI)
841
+ * - in the list of valid child origins (REST-JS)
842
+ *
843
+ *
844
+ * @param parentOrigin origin of the parent frame. Passed into the embedded application as `parentOrigin` query param
845
+ * @browserOnly
846
+ */
847
+ UserSession.fromParent = function (parentOrigin, win) {
848
+ /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */
849
+ if (!win && window) {
850
+ win = window;
851
+ }
852
+ // Declare handler outside of promise scope so we can detach it
853
+ var handler;
854
+ // return a promise that will resolve when the handler receives
855
+ // session information from the correct origin
856
+ return new Promise(function (resolve, reject) {
857
+ // create an event handler that just wraps the parentMessageHandler
858
+ handler = function (event) {
859
+ // ensure we only listen to events from the parent
860
+ if (event.source === win.parent && event.data) {
861
+ try {
862
+ return resolve(UserSession.parentMessageHandler(event));
863
+ }
864
+ catch (err) {
865
+ return reject(err);
866
+ }
867
+ }
868
+ };
869
+ // add listener
870
+ win.addEventListener("message", handler, false);
871
+ win.parent.postMessage({ type: "arcgis:auth:requestCredential" }, parentOrigin);
872
+ }).then(function (session) {
873
+ win.removeEventListener("message", handler, false);
874
+ return session;
875
+ });
876
+ };
877
+ /**
878
+ * Begins a new server-based OAuth 2.0 sign in. This will redirect the user to
879
+ * the ArcGIS Online or ArcGIS Enterprise authorization page.
880
+ *
881
+ * @nodeOnly
882
+ */
883
+ UserSession.authorize = function (options, response) {
884
+ if (options.duration) {
885
+ console.log("DEPRECATED: 'duration' is deprecated - use 'expiration' instead");
886
+ }
887
+ var _a = __assign({ portal: "https://arcgis.com/sharing/rest", expiration: 20160 }, options), portal = _a.portal, clientId = _a.clientId, expiration = _a.expiration, redirectUri = _a.redirectUri;
888
+ response.writeHead(301, {
889
+ Location: portal + "/oauth2/authorize?client_id=" + clientId + "&expiration=" + (options.duration || expiration) + "&response_type=code&redirect_uri=" + encodeURIComponent(redirectUri),
890
+ });
891
+ response.end();
892
+ };
893
+ /**
894
+ * Completes the server-based OAuth 2.0 sign in process by exchanging the `authorizationCode`
895
+ * for a `access_token`.
896
+ *
897
+ * @nodeOnly
898
+ */
899
+ UserSession.exchangeAuthorizationCode = function (options, authorizationCode) {
900
+ var _a = __assign({
901
+ portal: "https://www.arcgis.com/sharing/rest",
902
+ refreshTokenTTL: 20160,
903
+ }, options), portal = _a.portal, clientId = _a.clientId, redirectUri = _a.redirectUri, refreshTokenTTL = _a.refreshTokenTTL;
904
+ return fetchToken(portal + "/oauth2/token", {
905
+ params: {
906
+ grant_type: "authorization_code",
907
+ client_id: clientId,
908
+ redirect_uri: redirectUri,
909
+ code: authorizationCode,
910
+ },
911
+ }).then(function (response) {
912
+ return new UserSession({
913
+ clientId: clientId,
914
+ portal: portal,
915
+ ssl: response.ssl,
916
+ redirectUri: redirectUri,
917
+ refreshToken: response.refreshToken,
918
+ refreshTokenTTL: refreshTokenTTL,
919
+ refreshTokenExpires: new Date(Date.now() + (refreshTokenTTL - 1) * 60 * 1000),
920
+ token: response.token,
921
+ tokenExpires: response.expires,
922
+ username: response.username,
923
+ });
924
+ });
925
+ };
926
+ UserSession.deserialize = function (str) {
927
+ var options = JSON.parse(str);
928
+ return new UserSession({
929
+ clientId: options.clientId,
930
+ refreshToken: options.refreshToken,
931
+ refreshTokenExpires: new Date(options.refreshTokenExpires),
932
+ username: options.username,
933
+ password: options.password,
934
+ token: options.token,
935
+ tokenExpires: new Date(options.tokenExpires),
936
+ portal: options.portal,
937
+ ssl: options.ssl,
938
+ tokenDuration: options.tokenDuration,
939
+ redirectUri: options.redirectUri,
940
+ refreshTokenTTL: options.refreshTokenTTL,
941
+ });
942
+ };
943
+ /**
944
+ * Translates authentication from the format used in the [ArcGIS API for JavaScript](https://developers.arcgis.com/javascript/).
945
+ *
946
+ * ```js
947
+ * UserSession.fromCredential({
948
+ * userId: "jsmith",
949
+ * token: "secret"
950
+ * });
951
+ * ```
952
+ *
953
+ * @returns UserSession
954
+ */
955
+ UserSession.fromCredential = function (credential) {
956
+ // At ArcGIS Online 9.1, credentials no longer include the ssl and expires properties
957
+ // Here, we provide default values for them to cover this condition
958
+ var ssl = typeof credential.ssl !== "undefined" ? credential.ssl : true;
959
+ var expires = credential.expires || Date.now() + 7200000; /* 2 hours */
960
+ return new UserSession({
961
+ portal: credential.server.includes("sharing/rest")
962
+ ? credential.server
963
+ : credential.server + "/sharing/rest",
964
+ ssl: ssl,
965
+ token: credential.token,
966
+ username: credential.userId,
967
+ tokenExpires: new Date(expires),
968
+ });
969
+ };
970
+ /**
971
+ * Handle the response from the parent
972
+ * @param event DOM Event
973
+ */
974
+ UserSession.parentMessageHandler = function (event) {
975
+ if (event.data.type === "arcgis:auth:credential") {
976
+ return UserSession.fromCredential(event.data.credential);
977
+ }
978
+ if (event.data.type === "arcgis:auth:error") {
979
+ var err = new Error(event.data.error.message);
980
+ err.name = event.data.error.name;
981
+ throw err;
982
+ }
983
+ else {
984
+ throw new Error("Unknown message type.");
985
+ }
986
+ };
987
+ /**
988
+ * Returns authentication in a format useable in the [ArcGIS API for JavaScript](https://developers.arcgis.com/javascript/).
989
+ *
990
+ * ```js
991
+ * esriId.registerToken(session.toCredential());
992
+ * ```
993
+ *
994
+ * @returns ICredential
995
+ */
996
+ UserSession.prototype.toCredential = function () {
997
+ return {
998
+ expires: this.tokenExpires.getTime(),
999
+ server: this.portal,
1000
+ ssl: this.ssl,
1001
+ token: this.token,
1002
+ userId: this.username,
1003
+ };
1004
+ };
1005
+ /**
1006
+ * Returns information about the currently logged in [user](https://developers.arcgis.com/rest/users-groups-and-items/user.htm). Subsequent calls will *not* result in additional web traffic.
1007
+ *
1008
+ * ```js
1009
+ * session.getUser()
1010
+ * .then(response => {
1011
+ * console.log(response.role); // "org_admin"
1012
+ * })
1013
+ * ```
1014
+ *
1015
+ * @param requestOptions - Options for the request. NOTE: `rawResponse` is not supported by this operation.
1016
+ * @returns A Promise that will resolve with the data from the response.
1017
+ */
1018
+ UserSession.prototype.getUser = function (requestOptions) {
1019
+ var _this = this;
1020
+ if (this._pendingUserRequest) {
1021
+ return this._pendingUserRequest;
1022
+ }
1023
+ else if (this._user) {
1024
+ return Promise.resolve(this._user);
1025
+ }
1026
+ else {
1027
+ var url = this.portal + "/community/self";
1028
+ var options = __assign(__assign({ httpMethod: "GET", authentication: this }, requestOptions), { rawResponse: false });
1029
+ this._pendingUserRequest = request(url, options).then(function (response) {
1030
+ _this._user = response;
1031
+ _this._pendingUserRequest = null;
1032
+ return response;
1033
+ });
1034
+ return this._pendingUserRequest;
1035
+ }
1036
+ };
1037
+ /**
1038
+ * Returns information about the currently logged in user's [portal](https://developers.arcgis.com/rest/users-groups-and-items/portal-self.htm). Subsequent calls will *not* result in additional web traffic.
1039
+ *
1040
+ * ```js
1041
+ * session.getPortal()
1042
+ * .then(response => {
1043
+ * console.log(portal.name); // "City of ..."
1044
+ * })
1045
+ * ```
1046
+ *
1047
+ * @param requestOptions - Options for the request. NOTE: `rawResponse` is not supported by this operation.
1048
+ * @returns A Promise that will resolve with the data from the response.
1049
+ */
1050
+ UserSession.prototype.getPortal = function (requestOptions) {
1051
+ var _this = this;
1052
+ if (this._pendingPortalRequest) {
1053
+ return this._pendingPortalRequest;
1054
+ }
1055
+ else if (this._portalInfo) {
1056
+ return Promise.resolve(this._portalInfo);
1057
+ }
1058
+ else {
1059
+ var url = this.portal + "/portals/self";
1060
+ var options = __assign(__assign({ httpMethod: "GET", authentication: this }, requestOptions), { rawResponse: false });
1061
+ this._pendingPortalRequest = request(url, options).then(function (response) {
1062
+ _this._portalInfo = response;
1063
+ _this._pendingPortalRequest = null;
1064
+ return response;
1065
+ });
1066
+ return this._pendingPortalRequest;
1067
+ }
1068
+ };
1069
+ /**
1070
+ * Returns the username for the currently logged in [user](https://developers.arcgis.com/rest/users-groups-and-items/user.htm). Subsequent calls will *not* result in additional web traffic. This is also used internally when a username is required for some requests but is not present in the options.
1071
+ *
1072
+ * * ```js
1073
+ * session.getUsername()
1074
+ * .then(response => {
1075
+ * console.log(response); // "casey_jones"
1076
+ * })
1077
+ * ```
1078
+ */
1079
+ UserSession.prototype.getUsername = function () {
1080
+ if (this.username) {
1081
+ return Promise.resolve(this.username);
1082
+ }
1083
+ else if (this._user) {
1084
+ return Promise.resolve(this._user.username);
1085
+ }
1086
+ else {
1087
+ return this.getUser().then(function (user) {
1088
+ return user.username;
1089
+ });
1090
+ }
1091
+ };
1092
+ /**
1093
+ * Gets an appropriate token for the given URL. If `portal` is ArcGIS Online and
1094
+ * the request is to an ArcGIS Online domain `token` will be used. If the request
1095
+ * is to the current `portal` the current `token` will also be used. However if
1096
+ * the request is to an unknown server we will validate the server with a request
1097
+ * to our current `portal`.
1098
+ */
1099
+ UserSession.prototype.getToken = function (url, requestOptions) {
1100
+ if (canUseOnlineToken(this.portal, url)) {
1101
+ return this.getFreshToken(requestOptions);
1102
+ }
1103
+ else if (new RegExp(this.portal, "i").test(url)) {
1104
+ return this.getFreshToken(requestOptions);
1105
+ }
1106
+ else {
1107
+ return this.getTokenForServer(url, requestOptions);
1108
+ }
1109
+ };
1110
+ /**
1111
+ * Get application access information for the current user
1112
+ * see `validateAppAccess` function for details
1113
+ *
1114
+ * @param clientId application client id
1115
+ */
1116
+ UserSession.prototype.validateAppAccess = function (clientId) {
1117
+ return this.getToken(this.portal).then(function (token) {
1118
+ return validateAppAccess(token, clientId);
1119
+ });
1120
+ };
1121
+ UserSession.prototype.toJSON = function () {
1122
+ return {
1123
+ clientId: this.clientId,
1124
+ refreshToken: this.refreshToken,
1125
+ refreshTokenExpires: this.refreshTokenExpires,
1126
+ username: this.username,
1127
+ password: this.password,
1128
+ token: this.token,
1129
+ tokenExpires: this.tokenExpires,
1130
+ portal: this.portal,
1131
+ ssl: this.ssl,
1132
+ tokenDuration: this.tokenDuration,
1133
+ redirectUri: this.redirectUri,
1134
+ refreshTokenTTL: this.refreshTokenTTL,
1135
+ };
1136
+ };
1137
+ UserSession.prototype.serialize = function () {
1138
+ return JSON.stringify(this);
1139
+ };
1140
+ /**
1141
+ * For a "Host" app that embeds other platform apps via iframes, after authenticating the user
1142
+ * and creating a UserSession, the app can then enable "post message" style authentication by calling
1143
+ * this method.
1144
+ *
1145
+ * Internally this adds an event listener on window for the `message` event
1146
+ *
1147
+ * @param validChildOrigins Array of origins that are allowed to request authentication from the host app
1148
+ */
1149
+ UserSession.prototype.enablePostMessageAuth = function (validChildOrigins, win) {
1150
+ /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */
1151
+ if (!win && window) {
1152
+ win = window;
1153
+ }
1154
+ this._hostHandler = this.createPostMessageHandler(validChildOrigins);
1155
+ win.addEventListener("message", this._hostHandler, false);
1156
+ };
1157
+ /**
1158
+ * For a "Host" app that has embedded other platform apps via iframes, when the host needs
1159
+ * to transition routes, it should call `UserSession.disablePostMessageAuth()` to remove
1160
+ * the event listener and prevent memory leaks
1161
+ */
1162
+ UserSession.prototype.disablePostMessageAuth = function (win) {
1163
+ /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */
1164
+ if (!win && window) {
1165
+ win = window;
1166
+ }
1167
+ win.removeEventListener("message", this._hostHandler, false);
1168
+ };
1169
+ /**
1170
+ * Manually refreshes the current `token` and `tokenExpires`.
1171
+ */
1172
+ UserSession.prototype.refreshSession = function (requestOptions) {
1173
+ // make sure subsequent calls to getUser() don't returned cached metadata
1174
+ this._user = null;
1175
+ if (this.username && this.password) {
1176
+ return this.refreshWithUsernameAndPassword(requestOptions);
1177
+ }
1178
+ if (this.clientId && this.refreshToken) {
1179
+ return this.refreshWithRefreshToken();
1180
+ }
1181
+ return Promise.reject(new ArcGISAuthError("Unable to refresh token."));
1182
+ };
1183
+ /**
1184
+ * Determines the root of the ArcGIS Server or Portal for a given URL.
1185
+ *
1186
+ * @param url the URl to determine the root url for.
1187
+ */
1188
+ UserSession.prototype.getServerRootUrl = function (url) {
1189
+ var root = cleanUrl(url).split(/\/rest(\/admin)?\/services(?:\/|#|\?|$)/)[0];
1190
+ var _a = root.match(/(https?:\/\/)(.+)/), protocol = _a[1], domainAndPath = _a[2];
1191
+ var _b = domainAndPath.split("/"), domain = _b[0], path = _b.slice(1);
1192
+ // only the domain is lowercased because in some cases an org id might be
1193
+ // in the path which cannot be lowercased.
1194
+ return "" + protocol + domain.toLowerCase() + "/" + path.join("/");
1195
+ };
1196
+ /**
1197
+ * Returns the proper [`credentials`] option for `fetch` for a given domain.
1198
+ * See [trusted server](https://enterprise.arcgis.com/en/portal/latest/administer/windows/configure-security.htm#ESRI_SECTION1_70CC159B3540440AB325BE5D89DBE94A).
1199
+ * Used internally by underlying request methods to add support for specific security considerations.
1200
+ *
1201
+ * @param url The url of the request
1202
+ * @returns "include" or "same-origin"
1203
+ */
1204
+ UserSession.prototype.getDomainCredentials = function (url) {
1205
+ if (!this.trustedDomains || !this.trustedDomains.length) {
1206
+ return "same-origin";
1207
+ }
1208
+ return this.trustedDomains.some(function (domainWithProtocol) {
1209
+ return url.startsWith(domainWithProtocol);
1210
+ })
1211
+ ? "include"
1212
+ : "same-origin";
1213
+ };
1214
+ /**
1215
+ * Return a function that closes over the validOrigins array and
1216
+ * can be used as an event handler for the `message` event
1217
+ *
1218
+ * @param validOrigins Array of valid origins
1219
+ */
1220
+ UserSession.prototype.createPostMessageHandler = function (validOrigins) {
1221
+ var _this = this;
1222
+ // return a function that closes over the validOrigins and
1223
+ // has access to the credential
1224
+ return function (event) {
1225
+ // Verify that the origin is valid
1226
+ // Note: do not use regex's here. validOrigins is an array so we're checking that the event's origin
1227
+ // is in the array via exact match. More info about avoiding postMessage xss issues here
1228
+ // https://jlajara.gitlab.io/web/2020/07/17/Dom_XSS_PostMessage_2.html#tipsbypasses-in-postmessage-vulnerabilities
1229
+ var isValidOrigin = validOrigins.indexOf(event.origin) > -1;
1230
+ // JSAPI handles this slightly differently - instead of checking a list, it will respond if
1231
+ // event.origin === window.location.origin || event.origin.endsWith('.arcgis.com')
1232
+ // For Hub, and to enable cross domain debugging with port's in urls, we are opting to
1233
+ // use a list of valid origins
1234
+ // Ensure the message type is something we want to handle
1235
+ var isValidType = event.data.type === "arcgis:auth:requestCredential";
1236
+ var isTokenValid = _this.tokenExpires.getTime() > Date.now();
1237
+ if (isValidOrigin && isValidType) {
1238
+ var msg = {};
1239
+ if (isTokenValid) {
1240
+ var credential = _this.toCredential();
1241
+ // arcgis:auth:error with {name: "", message: ""}
1242
+ // the following line allows us to conform to our spec without changing other depended-on functionality
1243
+ // https://github.com/Esri/arcgis-rest-js/blob/master/packages/arcgis-rest-auth/post-message-auth-spec.md#arcgisauthcredential
1244
+ credential.server = credential.server.replace("/sharing/rest", "");
1245
+ msg = { type: "arcgis:auth:credential", credential: credential };
1246
+ }
1247
+ else {
1248
+ // Return an error
1249
+ msg = {
1250
+ type: "arcgis:auth:error",
1251
+ error: {
1252
+ name: "tokenExpiredError",
1253
+ message: "Session token was expired, and not returned to the child application",
1254
+ },
1255
+ };
1256
+ }
1257
+ event.source.postMessage(msg, event.origin);
1258
+ }
1259
+ };
1260
+ };
1261
+ /**
1262
+ * Validates that a given URL is properly federated with our current `portal`.
1263
+ * Attempts to use the internal `federatedServers` cache first.
1264
+ */
1265
+ UserSession.prototype.getTokenForServer = function (url, requestOptions) {
1266
+ var _this = this;
1267
+ // requests to /rest/services/ and /rest/admin/services/ are both valid
1268
+ // Federated servers may have inconsistent casing, so lowerCase it
1269
+ var root = this.getServerRootUrl(url);
1270
+ var existingToken = this.federatedServers[root];
1271
+ if (existingToken &&
1272
+ existingToken.expires &&
1273
+ existingToken.expires.getTime() > Date.now()) {
1274
+ return Promise.resolve(existingToken.token);
1275
+ }
1276
+ if (this._pendingTokenRequests[root]) {
1277
+ return this._pendingTokenRequests[root];
1278
+ }
1279
+ this._pendingTokenRequests[root] = this.fetchAuthorizedDomains().then(function () {
1280
+ return request(root + "/rest/info", {
1281
+ credentials: _this.getDomainCredentials(url),
1282
+ })
1283
+ .then(function (response) {
1284
+ if (response.owningSystemUrl) {
1285
+ /**
1286
+ * if this server is not owned by this portal
1287
+ * bail out with an error since we know we wont
1288
+ * be able to generate a token
1289
+ */
1290
+ if (!isFederated(response.owningSystemUrl, _this.portal)) {
1291
+ throw new ArcGISAuthError(url + " is not federated with " + _this.portal + ".", "NOT_FEDERATED");
1292
+ }
1293
+ else {
1294
+ /**
1295
+ * if the server is federated, use the relevant token endpoint.
1296
+ */
1297
+ return request(response.owningSystemUrl + "/sharing/rest/info", requestOptions);
1298
+ }
1299
+ }
1300
+ else if (response.authInfo &&
1301
+ _this.federatedServers[root] !== undefined) {
1302
+ /**
1303
+ * if its a stand-alone instance of ArcGIS Server that doesn't advertise
1304
+ * federation, but the root server url is recognized, use its built in token endpoint.
1305
+ */
1306
+ return Promise.resolve({
1307
+ authInfo: response.authInfo,
1308
+ });
1309
+ }
1310
+ else {
1311
+ throw new ArcGISAuthError(url + " is not federated with any portal and is not explicitly trusted.", "NOT_FEDERATED");
1312
+ }
1313
+ })
1314
+ .then(function (response) {
1315
+ return response.authInfo.tokenServicesUrl;
1316
+ })
1317
+ .then(function (tokenServicesUrl) {
1318
+ // an expired token cant be used to generate a new token
1319
+ if (_this.token && _this.tokenExpires.getTime() > Date.now()) {
1320
+ return generateToken(tokenServicesUrl, {
1321
+ params: {
1322
+ token: _this.token,
1323
+ serverUrl: url,
1324
+ expiration: _this.tokenDuration,
1325
+ client: "referer",
1326
+ },
1327
+ });
1328
+ // generate an entirely fresh token if necessary
1329
+ }
1330
+ else {
1331
+ return generateToken(tokenServicesUrl, {
1332
+ params: {
1333
+ username: _this.username,
1334
+ password: _this.password,
1335
+ expiration: _this.tokenDuration,
1336
+ client: "referer",
1337
+ },
1338
+ }).then(function (response) {
1339
+ _this._token = response.token;
1340
+ _this._tokenExpires = new Date(response.expires);
1341
+ return response;
1342
+ });
1343
+ }
1344
+ })
1345
+ .then(function (response) {
1346
+ _this.federatedServers[root] = {
1347
+ expires: new Date(response.expires),
1348
+ token: response.token,
1349
+ };
1350
+ delete _this._pendingTokenRequests[root];
1351
+ return response.token;
1352
+ });
1353
+ });
1354
+ return this._pendingTokenRequests[root];
1355
+ };
1356
+ /**
1357
+ * Returns an unexpired token for the current `portal`.
1358
+ */
1359
+ UserSession.prototype.getFreshToken = function (requestOptions) {
1360
+ var _this = this;
1361
+ if (this.token && !this.tokenExpires) {
1362
+ return Promise.resolve(this.token);
1363
+ }
1364
+ if (this.token &&
1365
+ this.tokenExpires &&
1366
+ this.tokenExpires.getTime() > Date.now()) {
1367
+ return Promise.resolve(this.token);
1368
+ }
1369
+ if (!this._pendingTokenRequests[this.portal]) {
1370
+ this._pendingTokenRequests[this.portal] = this.refreshSession(requestOptions).then(function (session) {
1371
+ _this._pendingTokenRequests[_this.portal] = null;
1372
+ return session.token;
1373
+ });
1374
+ }
1375
+ return this._pendingTokenRequests[this.portal];
1376
+ };
1377
+ /**
1378
+ * Refreshes the current `token` and `tokenExpires` with `username` and
1379
+ * `password`.
1380
+ */
1381
+ UserSession.prototype.refreshWithUsernameAndPassword = function (requestOptions) {
1382
+ var _this = this;
1383
+ var options = __assign({ params: {
1384
+ username: this.username,
1385
+ password: this.password,
1386
+ expiration: this.tokenDuration,
1387
+ } }, requestOptions);
1388
+ return generateToken(this.portal + "/generateToken", options).then(function (response) {
1389
+ _this._token = response.token;
1390
+ _this._tokenExpires = new Date(response.expires);
1391
+ return _this;
1392
+ });
1393
+ };
1394
+ /**
1395
+ * Refreshes the current `token` and `tokenExpires` with `refreshToken`.
1396
+ */
1397
+ UserSession.prototype.refreshWithRefreshToken = function (requestOptions) {
1398
+ var _this = this;
1399
+ if (this.refreshToken &&
1400
+ this.refreshTokenExpires &&
1401
+ this.refreshTokenExpires.getTime() < Date.now()) {
1402
+ return this.refreshRefreshToken(requestOptions);
1403
+ }
1404
+ var options = __assign({ params: {
1405
+ client_id: this.clientId,
1406
+ refresh_token: this.refreshToken,
1407
+ grant_type: "refresh_token",
1408
+ } }, requestOptions);
1409
+ return fetchToken(this.portal + "/oauth2/token", options).then(function (response) {
1410
+ _this._token = response.token;
1411
+ _this._tokenExpires = response.expires;
1412
+ return _this;
1413
+ });
1414
+ };
1415
+ /**
1416
+ * Exchanges an unexpired `refreshToken` for a new one, also updates `token` and
1417
+ * `tokenExpires`.
1418
+ */
1419
+ UserSession.prototype.refreshRefreshToken = function (requestOptions) {
1420
+ var _this = this;
1421
+ var options = __assign({ params: {
1422
+ client_id: this.clientId,
1423
+ refresh_token: this.refreshToken,
1424
+ redirect_uri: this.redirectUri,
1425
+ grant_type: "exchange_refresh_token",
1426
+ } }, requestOptions);
1427
+ return fetchToken(this.portal + "/oauth2/token", options).then(function (response) {
1428
+ _this._token = response.token;
1429
+ _this._tokenExpires = response.expires;
1430
+ _this._refreshToken = response.refreshToken;
1431
+ _this._refreshTokenExpires = new Date(Date.now() + (_this.refreshTokenTTL - 1) * 60 * 1000);
1432
+ return _this;
1433
+ });
1434
+ };
1435
+ /**
1436
+ * ensures that the authorizedCrossOriginDomains are obtained from the portal and cached
1437
+ * so we can check them later.
1438
+ *
1439
+ * @returns this
1440
+ */
1441
+ UserSession.prototype.fetchAuthorizedDomains = function () {
1442
+ var _this = this;
1443
+ // if this token is for a specific server or we don't have a portal
1444
+ // don't get the portal info because we cant get the authorizedCrossOriginDomains
1445
+ if (this.server || !this.portal) {
1446
+ return Promise.resolve(this);
1447
+ }
1448
+ return this.getPortal().then(function (portalInfo) {
1449
+ /**
1450
+ * Specific domains can be configured as secure.esri.com or https://secure.esri.com this
1451
+ * normalizes to https://secure.esri.com so we can use startsWith later.
1452
+ */
1453
+ if (portalInfo.authorizedCrossOriginDomains &&
1454
+ portalInfo.authorizedCrossOriginDomains.length) {
1455
+ _this.trustedDomains = portalInfo.authorizedCrossOriginDomains
1456
+ .filter(function (d) { return !d.startsWith("http://"); })
1457
+ .map(function (d) {
1458
+ if (d.startsWith("https://")) {
1459
+ return d;
1460
+ }
1461
+ else {
1462
+ return "https://" + d;
1463
+ }
1464
+ });
1465
+ }
1466
+ return _this;
1467
+ });
1468
+ };
1469
+ return UserSession;
1470
+ }());
1471
+
388
1472
  const solutionConfigurationCss = ".configuration-container{position:relative;height:100%;width:100%}.configuration{position:absolute;top:0px;right:0px;bottom:0px;left:0px;display:flex;padding:0.5rem;border:1px #808080 solid}.config-tabs{width:100%}.config-tab{width:100%}.config-solution{position:absolute;top:3.5rem;right:-1px;bottom:-1px;left:-1px;display:flex;padding:0.5rem}.config-inventory{display:inline;max-width:-moz-min-content;max-width:min-content;flex-grow:0;overflow-y:auto}.config-inventory-hide{display:none;max-width:-moz-min-content;max-width:min-content;flex-grow:0;overflow-y:auto}.config-item{position:relative;display:inline;flex-grow:1;overflow-y:auto;-webkit-margin-start:0.5rem;margin-inline-start:0.5rem}solution-contents{position:relative;height:100%}solution-item{position:relative;height:100%}solution-spatial-ref{position:relative;height:100%;width:100%;overflow-y:auto}";
389
1473
 
390
1474
  const SolutionConfiguration$1 = /*@__PURE__*/ proxyCustomElement(class extends HTMLElement {
@@ -400,7 +1484,7 @@ const SolutionConfiguration$1 = /*@__PURE__*/ proxyCustomElement(class extends H
400
1484
  this._solutionEditorHasChanges = false;
401
1485
  this._solutionEditorHasErrors = false;
402
1486
  this._canSave = false;
403
- this.authentication = undefined;
1487
+ this.authentication = new UserSession({});
404
1488
  this.solutionItemId = "";
405
1489
  this.showLoading = false;
406
1490
  this._currentEditItemId = "";