@frontegg/redux-store 5.61.0 → 6.0.1-alpha.2

package/auth/LoginState/saga.js

@@ -0,0 +1,860 @@
+import _objectWithoutPropertiesLoose from "@babel/runtime/helpers/esm/objectWithoutPropertiesLoose";
+import _extends from "@babel/runtime/helpers/esm/extends";
+const _excluded = ["callback"],
+      _excluded2 = ["callback", "events"],
+      _excluded3 = ["callback"];
+import { all, call, delay, put, select, takeLeading } from 'redux-saga/effects';
+import { api, AuthStrategyEnum, ContextHolder, fetch } from '@frontegg/rest-api';
+import { actions } from '../reducer';
+import { FRONTEGG_AFTER_AUTH_REDIRECT_URL, HOSTED_LOGIN_VERIFIER_KEY } from '../../constants';
+import { UserVeirifedOriginTypes } from '../interfaces';
+import { LoginStep } from './interfaces';
+import { loadAllowSignUps } from '../SignUp/saga';
+import { MFAStep } from '../MfaState/interfaces';
+import { userDemo } from '../dummy';
+import { SamlVendors } from '../SSOState/interfaces';
+import { loadVendorPublicInfo } from '../../vendor/saga';
+import { createRandomString, generateCodeChallenge } from '../../helpers';
+import { ResetPhoneNumberStep } from '../ResetPhoneNumberState/interfaces';
+const authStrategyLoginStepMap = {
+  [AuthStrategyEnum.Code]: LoginStep.loginWithOtc,
+  [AuthStrategyEnum.EmailAndPassword]: LoginStep.loginWithPassword,
+  [AuthStrategyEnum.MagicLink]: LoginStep.magicLinkPreLoginSuccess,
+  [AuthStrategyEnum.SmsCode]: LoginStep.loginWithSmsOtc
+};
+export function* afterAuthNavigation() {
+  var _window;
+
+  const onRedirectTo = ContextHolder.onRedirectTo;
+  const {
+    routes,
+    includeQueryParam
+  } = yield select(state => state.auth);
+  const {
+    loginUrl,
+    logoutUrl,
+    socialLoginCallbackUrl,
+    activateUrl
+  } = routes;
+  let {
+    authenticatedUrl
+  } = routes;
+  const afterAuthRedirect = window.localStorage.getItem(FRONTEGG_AFTER_AUTH_REDIRECT_URL);
+
+  if (afterAuthRedirect && ![loginUrl, logoutUrl, socialLoginCallbackUrl, activateUrl].includes(afterAuthRedirect)) {
+    authenticatedUrl = afterAuthRedirect;
+  }
+
+  window.localStorage.removeItem(FRONTEGG_AFTER_AUTH_REDIRECT_URL);
+  yield delay(200);
+  put(actions.resetLoginState());
+  const url = new URL((_window = window) == null ? void 0 : _window.location.href);
+  let redirectUrl = authenticatedUrl;
+
+  if (url.searchParams.get('redirectUrl')) {
+    var _url$searchParams$get;
+
+    redirectUrl = (_url$searchParams$get = url.searchParams.get('redirectUrl')) != null ? _url$searchParams$get : authenticatedUrl;
+  } else if (includeQueryParam) {
+    redirectUrl += window.location.search;
+  }
+
+  onRedirectTo(redirectUrl, {
+    refresh: redirectUrl.startsWith('http')
+  });
+}
+export function* refreshMetadata() {
+  let ssoACS;
+
+  try {
+    var _metadata$configurati;
+
+    const metadata = yield call(api.metadata.getSamlMetadata);
+    ssoACS = metadata == null ? void 0 : (_metadata$configurati = metadata.configuration) == null ? void 0 : _metadata$configurati.acsUrl;
+  } catch (e) {
+    console.error(e);
+  }
+
+  yield put(actions.setState({
+    ssoACS
+  }));
+}
+export function* loadSSOPublicConfigurationFunction() {
+  try {
+    const {
+      isActive
+    } = yield call(api.auth.getSSOPublicConfiguration);
+    yield put(actions.setState({
+      isSSOAuth: isActive
+    }));
+  } catch (e) {
+    console.error(e);
+  }
+}
+export const isMfaRequired = user => {
+  if (user.mfaRequired && user.mfaToken) {
+    ContextHolder.setAccessToken(null);
+    ContextHolder.setUser(null);
+    return true;
+  } else {
+    ContextHolder.setAccessToken(user.accessToken);
+    ContextHolder.setUser(user);
+    return false;
+  }
+};
+export function* getMfaRequiredState(user) {
+  let setMfaState = {};
+  let step = LoginStep.loginWithTwoFactor;
+  const {
+    loginState
+  } = yield select(state => state.auth);
+  const {
+    isAllowedToRemember,
+    mfaDeviceExpiration
+  } = yield call(api.auth.checkIfAllowToRememberMfaDevice, user.mfaToken);
+
+  if (user.hasOwnProperty('mfaEnrolled') && !user.mfaEnrolled) {
+    setMfaState = {
+      mfaState: {
+        step: MFAStep.verify,
+        qrCode: user.qrCode,
+        recoveryCode: user.recoveryCode,
+        loading: false,
+        mfaToken: user.mfaToken
+      }
+    };
+    step = LoginStep.forceTwoFactor;
+  }
+
+  return _extends({
+    user: undefined,
+    isAuthenticated: false
+  }, setMfaState, {
+    loginState: _extends({}, loginState, {
+      mfaToken: user.mfaToken,
+      mfaRequired: user.mfaRequired,
+      loading: false,
+      error: undefined,
+      step,
+      tenantsLoading: true,
+      tenants: [],
+      allowRememberMfaDevice: isAllowedToRemember,
+      mfaDeviceExpiration
+    })
+  });
+}
+export function* refreshToken() {
+  try {
+    const onRedirectTo = ContextHolder.onRedirectTo;
+    const {
+      routes,
+      loginState
+    } = yield select(state => state.auth);
+    const {
+      user,
+      tenants
+    } = yield call(api.auth.refreshTokenV2);
+
+    if (isMfaRequired(user)) {
+      const mfaRequiredState = yield getMfaRequiredState(user);
+      yield put(actions.setState(mfaRequiredState));
+      onRedirectTo(routes.loginUrl, {
+        preserveQueryParams: true
+      });
+    } else {
+      yield put(actions.setTenantsState({
+        tenants,
+        loading: false
+      }));
+      yield put(actions.setState({
+        user,
+        isAuthenticated: true
+      }));
+
+      if ([routes.loginUrl, routes.socialLoginCallbackUrl, routes.signUpUrl, routes.oidcRedirectUrl, routes.samlCallbackUrl].some(url => url && window.location.pathname.endsWith(url))) {
+        if (loginState.isNewUser && routes.signUpSuccessUrl && routes.socialLoginCallbackUrl === window.location.pathname) {
+          onRedirectTo(routes.signUpSuccessUrl, {
+            refresh: routes.signUpSuccessUrl.startsWith('http')
+          });
+        } else {
+          yield afterAuthNavigation();
+        }
+      }
+    }
+  } catch (e) {
+    ContextHolder.setAccessToken(null);
+    ContextHolder.setUser(null);
+    yield put(actions.setState({
+      user: undefined,
+      isAuthenticated: false
+    }));
+  }
+}
+
+function* requestAuthorize({
+  payload: firstTime
+}) {
+  const calls = [];
+
+  if (firstTime) {
+    yield put(actions.setState({
+      isLoading: true
+    }));
+    yield put(actions.loadSocialLoginsConfigurationV2());
+    calls.push(call(loadAllowSignUps));
+    calls.push(call(loadSSOPublicConfigurationFunction));
+    calls.push(call(loadVendorPublicInfo));
+    calls.push(call(refreshMetadata));
+  }
+
+  calls.push(call(refreshToken));
+  yield all(calls);
+  yield put(actions.setState({
+    isLoading: false
+  }));
+}
+
+function* refreshTokenSSR(accessToken) {
+  if (!accessToken) {
+    ContextHolder.setAccessToken(null);
+    ContextHolder.setUser(null);
+    yield put(actions.setState({
+      user: undefined,
+      isAuthenticated: false
+    }));
+    return;
+  }
+
+  try {
+    const onRedirectTo = ContextHolder.onRedirectTo;
+    const {
+      routes
+    } = yield select(state => state.auth);
+    const {
+      user,
+      tenants
+    } = yield call(api.auth.generateLoginResponseV2, {
+      accessToken
+    });
+
+    if (isMfaRequired(user)) {
+      const mfaRequiredState = yield getMfaRequiredState(user);
+      yield put(actions.setState(mfaRequiredState));
+      onRedirectTo(routes.loginUrl, {
+        preserveQueryParams: true
+      });
+    } else {
+      yield put(actions.setTenantsState({
+        tenants,
+        loading: false
+      }));
+      yield put(actions.setState({
+        user,
+        isAuthenticated: true
+      }));
+    }
+  } catch (e) {
+    ContextHolder.setAccessToken(null);
+    ContextHolder.setUser(null);
+    yield put(actions.setState({
+      user: undefined,
+      isAuthenticated: false
+    }));
+  }
+}
+
+function* requestAuthorizeSSR({
+  payload: accessToken
+}) {
+  const calls = [];
+  yield put(actions.setState({
+    isLoading: true
+  }));
+  yield put(actions.loadSocialLoginsConfigurationV2());
+  calls.push(call(loadAllowSignUps));
+  calls.push(call(loadSSOPublicConfigurationFunction));
+  calls.push(call(loadVendorPublicInfo));
+  calls.push(call(refreshMetadata));
+  calls.push(call(refreshTokenSSR, accessToken));
+  yield all(calls);
+  yield put(actions.setState({
+    isLoading: false
+  }));
+}
+
+function* requestHostedLoginAuthorize() {
+  const {
+    routes,
+    context,
+    onRedirectTo
+  } = yield select(state => ({
+    routes: state.auth.routes,
+    onRedirectTo: state.auth.onRedirectTo,
+    context: state.root.context
+  }));
+  const nonce = createRandomString();
+  const code_verifier = createRandomString();
+  const code_challenge = yield call(generateCodeChallenge, code_verifier);
+  localStorage.setItem(HOSTED_LOGIN_VERIFIER_KEY, code_verifier);
+  const redirectUrl = `${window.location.origin}${routes.hostedLoginRedirectUrl}`;
+  const baseUrl = fetch.getBaseUrl(context, '/oauth/authorize');
+  const oauthUrl = `${baseUrl}/oauth/authorize`;
+  const params = {
+    response_type: 'code',
+    client_id: context.clientId || 'INVALID-CLIENT-ID',
+    scope: 'openid email profile',
+    redirect_uri: redirectUrl,
+    code_challenge: code_challenge,
+    code_challenge_method: 'S256',
+    nonce
+  };
+  const searchParams = new URLSearchParams(params);
+  const url = `${oauthUrl}?${searchParams.toString()}`;
+  onRedirectTo(url, {
+    refresh: true
+  });
+}
+
+function* handleHostedLoginCallback({
+  payload
+}) {
+  const code_verifier = localStorage.getItem(HOSTED_LOGIN_VERIFIER_KEY) || 'INVALID-CODE-VERIFIER';
+  const routes = yield select(state => state.auth.routes);
+  const redirectUrl = `${window.location.origin}${routes.hostedLoginRedirectUrl}`;
+  const body = {
+    code: payload.code,
+    redirect_uri: redirectUrl,
+    code_verifier,
+    grant_type: 'authorization_code'
+  };
+  const user = yield call(api.auth.exchangeOAuthTokens, body);
+  yield put(actions.setState({
+    user,
+    isAuthenticated: true
+  }));
+  yield put(actions.loadTenants());
+  yield afterAuthNavigation();
+}
+
+function* passwordlessPreLogin(_ref) {
+  let {
+    payload: {
+      callback
+    }
+  } = _ref,
+      payload = _objectWithoutPropertiesLoose(_ref.payload, _excluded);
+
+  try {
+    const {
+      onRedirectTo,
+      routes
+    } = yield select(({
+      auth: {
+        onRedirectTo,
+        routes
+      }
+    }) => ({
+      onRedirectTo,
+      routes
+    }));
+    yield put(actions.setLoginState({
+      loading: true
+    }));
+    const preloginRes = yield call(api.auth.passwordlessPreLogin, payload);
+    const step = authStrategyLoginStepMap[payload.type];
+
+    if (step === LoginStep.loginWithSmsOtc && preloginRes.resetPhoneNumberToken) {
+      yield put(actions.setResetPhoneNumberState({
+        resetPhoneNumberToken: preloginRes.resetPhoneNumberToken,
+        step: ResetPhoneNumberStep.VerifyResetPhoneNumber
+      }));
+      onRedirectTo(routes.resetPhoneNumberUrl);
+      return;
+    }
+
+    yield put(actions.setLoginState({
+      step,
+      loading: false,
+      email: payload.email,
+      phoneNumber: preloginRes == null ? void 0 : preloginRes.phoneNumber
+    }));
+    callback == null ? void 0 : callback();
+  } catch (e) {
+    yield put(actions.setLoginState({
+      error: e.message,
+      loading: false
+    }));
+    callback == null ? void 0 : callback();
+  }
+}
+
+function* passwordlessPostLogin(_ref2) {
+  let {
+    payload: {
+      callback,
+      events
+    }
+  } = _ref2,
+      payload = _objectWithoutPropertiesLoose(_ref2.payload, _excluded2);
+
+  try {
+    yield put(actions.setLoginState({
+      loading: true
+    }));
+    const data = yield call(api.auth.passwordlessPostLogin, payload);
+
+    if (isMfaRequired(data)) {
+      const onRedirectTo = ContextHolder.onRedirectTo;
+      const {
+        routes
+      } = yield select(state => state.auth);
+      const mfaRequiredState = yield getMfaRequiredState(data);
+      yield put(actions.setState(mfaRequiredState));
+      onRedirectTo(routes.loginUrl, {
+        preserveQueryParams: true
+      });
+    } else {
+      const user = yield call(api.auth.generateLoginResponse, data);
+
+      if (data.emailVerified) {
+        var _events$userVerified;
+
+        events == null ? void 0 : (_events$userVerified = events.userVerified) == null ? void 0 : _events$userVerified.call(events, {
+          email: user.email,
+          origin: UserVeirifedOriginTypes.PASSWORDLESS,
+          id: user.id,
+          tenantId: user.tenantId,
+          createdAt: new Date(),
+          name: user.name
+        });
+      }
+
+      yield put(actions.loadTenants());
+      yield put(actions.setState({
+        user,
+        isAuthenticated: true
+      }));
+      yield afterAuthNavigation();
+    }
+
+    callback == null ? void 0 : callback(true);
+  } catch (e) {
+    var _e$message;
+
+    yield put(actions.setLoginState({
+      error: (_e$message = e.message) != null ? _e$message : 'Failed to authenticate'
+    }));
+  } finally {
+    yield put(actions.setLoginState({
+      loading: false
+    }));
+  }
+}
+
+function* verifyInviteToken({
+  payload
+}) {
+  try {
+    yield put(actions.setLoginState({
+      loading: true
+    }));
+    const {
+      name: inviteTokenTenantName
+    } = yield call(api.auth.verifyInviteToken, payload);
+    yield put(actions.setLoginState({
+      inviteTokenTenantName
+    }));
+  } catch (e) {
+    var _e$message2;
+
+    console.error(e);
+    yield put(actions.setLoginState({
+      inviteTokenError: (_e$message2 = e.message) != null ? _e$message2 : `We couldn't verify your invitation`
+    }));
+  } finally {
+    yield put(actions.setLoginState({
+      loading: false
+    }));
+  }
+}
+
+function* preLogin({
+  payload: {
+    email,
+    recaptchaToken,
+    invitationToken,
+    callback
+  }
+}) {
+  yield put(actions.setLoginState({
+    loading: true
+  }));
+
+  try {
+    const onRedirectTo = yield select(({
+      auth: {
+        onRedirectTo
+      }
+    }) => onRedirectTo);
+    let {
+      address,
+      idpType
+    } = yield call(api.auth.preLoginV2, {
+      email
+    });
+
+    if (address) {
+      if (idpType === SamlVendors.Oidc && !address.includes('redirect_uri')) {
+        const {
+          routes: {
+            oidcRedirectUrl
+          }
+        } = yield select(({
+          auth: {
+            routes
+          }
+        }) => ({
+          routes
+        }));
+        address += `&redirect_uri=${window.location.origin}${oidcRedirectUrl}`;
+      }
+
+      yield put(actions.setLoginState({
+        step: LoginStep.redirectToSSO,
+        loading: false,
+        ssoRedirectUrl: address
+      }));
+      setTimeout(() => {
+        onRedirectTo(address, {
+          refresh: true
+        });
+      }, 2000);
+    } else {
+      yield ssoPreloginFailed({
+        email,
+        recaptchaToken,
+        callback,
+        invitationToken
+      });
+    }
+  } catch (e) {
+    yield ssoPreloginFailed({
+      email,
+      recaptchaToken,
+      callback,
+      invitationToken
+    });
+  }
+}
+
+function* ssoPreloginFailed(_ref3) {
+  let {
+    callback
+  } = _ref3,
+      body = _objectWithoutPropertiesLoose(_ref3, _excluded3);
+
+  const publicPolicy = yield select(({
+    auth: {
+      securityPolicyState: {
+        publicPolicy: {
+          policy: publicPolicy
+        }
+      }
+    }
+  }) => publicPolicy);
+
+  if (!(publicPolicy != null && publicPolicy.authStrategy)) {
+    yield put(actions.setLoginState({
+      step: LoginStep.loginWithPassword,
+      loading: false
+    }));
+    callback == null ? void 0 : callback();
+    return;
+  }
+
+  if ((publicPolicy == null ? void 0 : publicPolicy.authStrategy) === AuthStrategyEnum.EmailAndPassword) {
+    yield put(actions.setLoginState({
+      step: LoginStep.loginWithPassword,
+      loading: false
+    }));
+    callback == null ? void 0 : callback();
+  } else if ([AuthStrategyEnum.MagicLink, AuthStrategyEnum.Code, AuthStrategyEnum.SmsCode].includes(publicPolicy == null ? void 0 : publicPolicy.authStrategy)) {
+    yield put(actions.passwordlessPreLogin(_extends({}, body, {
+      type: publicPolicy == null ? void 0 : publicPolicy.authStrategy,
+      callback
+    })));
+  } else {
+    yield put(actions.setLoginState({
+      step: LoginStep.loginWithPassword,
+      loading: false
+    }));
+    callback == null ? void 0 : callback();
+  }
+}
+
+function* postLogin({
+  payload
+}) {
+  const {
+    onRedirectTo,
+    routes
+  } = yield select(({
+    auth: {
+      onRedirectTo,
+      routes
+    }
+  }) => ({
+    onRedirectTo,
+    routes
+  }));
+  yield put(actions.setLoginState({
+    loading: true
+  }));
+
+  try {
+    const user = yield call(api.auth.postLogin, payload);
+    ContextHolder.setAccessToken(user.accessToken);
+    ContextHolder.setUser(user);
+    yield put(actions.setState({
+      user: !!user.accessToken ? user : undefined,
+      isAuthenticated: !!user.accessToken
+    }));
+    yield afterAuthNavigation();
+  } catch (e) {
+    setTimeout(() => {
+      onRedirectTo(routes.authenticatedUrl);
+    }, 1000);
+    yield put(actions.setLoginState({
+      step: LoginStep.loginWithSSOFailed,
+      loading: false
+    }));
+  }
+}
+
+function* login({
+  payload: {
+    email,
+    password,
+    recaptchaToken,
+    invitationToken,
+    callback
+  }
+}) {
+  yield put(actions.setLoginState({
+    loading: true
+  }));
+
+  try {
+    const user = yield call(api.auth.login, {
+      email,
+      password,
+      recaptchaToken,
+      invitationToken
+    });
+    ContextHolder.setAccessToken(user.accessToken);
+    ContextHolder.setUser(user);
+    let setMfaState = {};
+    let step = LoginStep.success;
+
+    if (user.mfaRequired && user.mfaToken) {
+      step = LoginStep.loginWithTwoFactor;
+
+      if (user.hasOwnProperty('mfaEnrolled') && !user.mfaEnrolled) {
+        setMfaState = {
+          mfaState: {
+            step: MFAStep.verify,
+            qrCode: user.qrCode,
+            recoveryCode: user.recoveryCode,
+            mfaToken: user.mfaToken,
+            loading: false
+          }
+        };
+        step = LoginStep.forceTwoFactor;
+      }
+    }
+
+    const isAuthenticated = step === LoginStep.success && !!user.accessToken;
+    const loggedInUser = step === LoginStep.success && step === LoginStep.success ? user : undefined;
+    let allowRememberDevice = {
+      isAllowedToRemember: false,
+      mfaDeviceExpiration: 0
+    };
+
+    if (user.mfaRequired && user.mfaToken) {
+      allowRememberDevice = yield call(api.auth.checkIfAllowToRememberMfaDevice, user.mfaToken);
+    }
+
+    const {
+      isAllowedToRemember,
+      mfaDeviceExpiration
+    } = allowRememberDevice;
+    yield put(actions.setState(_extends({
+      user: loggedInUser,
+      isAuthenticated
+    }, setMfaState, {
+      loginState: {
+        email,
+        loading: false,
+        error: undefined,
+        mfaToken: user.mfaToken,
+        step,
+        tenants: [],
+        tenantsLoading: true,
+        allowRememberMfaDevice: isAllowedToRemember,
+        mfaDeviceExpiration
+      }
+    })));
+
+    if (step === LoginStep.success) {
+      yield put(actions.loadTenants());
+      yield afterAuthNavigation();
+    }
+
+    callback == null ? void 0 : callback(true);
+  } catch (e) {
+    ContextHolder.setAccessToken(null);
+    ContextHolder.setUser(null);
+    yield put(actions.setLoginState({
+      email,
+      error: e.message,
+      loading: false
+    }));
+  }
+}
+
+function* loginWithMfa({
+  payload: {
+    mfaToken,
+    value,
+    rememberDevice,
+    callback
+  }
+}) {
+  yield put(actions.setLoginState({
+    loading: true
+  }));
+
+  try {
+    const user = yield call(api.auth.loginWithMfa, {
+      mfaToken,
+      value,
+      rememberDevice
+    });
+    const step = LoginStep.success;
+    yield put(actions.setState({
+      loginState: {
+        loading: false,
+        error: undefined,
+        step,
+        tenantsLoading: true,
+        tenants: []
+      },
+      user,
+      isAuthenticated: true
+    }));
+    yield put(actions.loadTenants());
+    callback == null ? void 0 : callback(true);
+
+    if (step === LoginStep.success) {
+      yield afterAuthNavigation();
+    }
+  } catch (e) {
+    yield put(actions.setLoginState({
+      error: e.message,
+      loading: false
+    }));
+    callback == null ? void 0 : callback(false, e);
+  }
+}
+
+function* recoverMfa({
+  payload
+}) {
+  yield put(actions.setLoginState({
+    loading: true
+  }));
+
+  try {
+    yield call(api.auth.recoverMfaToken, payload);
+    yield put(actions.setLoginState({
+      loading: false,
+      error: undefined,
+      step: LoginStep.preLogin
+    }));
+    yield put(actions.setState({
+      user: undefined,
+      isAuthenticated: false
+    }));
+  } catch (e) {
+    yield put(actions.setLoginState({
+      error: e.message,
+      loading: false
+    }));
+  }
+}
+
+function* logout({
+  payload
+}) {
+  yield put(actions.setState({
+    isLoading: true
+  }));
+
+  try {
+    yield call(api.auth.logout);
+  } catch {}
+
+  yield put(actions.resetState());
+  yield put(actions.requestAuthorize(true));
+  payload == null ? void 0 : payload();
+}
+
+function* silentLogout({
+  payload
+}) {
+  try {
+    yield call(api.auth.logout);
+  } catch {}
+
+  setTimeout(() => payload == null ? void 0 : payload(), 500);
+}
+
+export function* loginSagas() {
+  yield takeLeading(actions.requestAuthorize, requestAuthorize);
+  yield takeLeading(actions.requestAuthorizeSSR, requestAuthorizeSSR);
+  yield takeLeading(actions.requestHostedLoginAuthorize, requestHostedLoginAuthorize);
+  yield takeLeading(actions.handleHostedLoginCallback, handleHostedLoginCallback);
+  yield takeLeading(actions.preLogin, preLogin);
+  yield takeLeading(actions.postLogin, postLogin);
+  yield takeLeading(actions.login, login);
+  yield takeLeading(actions.logout, logout);
+  yield takeLeading(actions.silentLogout, silentLogout);
+  yield takeLeading(actions.loginWithMfa, loginWithMfa);
+  yield takeLeading(actions.recoverMfa, recoverMfa);
+  yield takeLeading(actions.passwordlessPreLogin, passwordlessPreLogin);
+  yield takeLeading(actions.passwordlessPostLogin, passwordlessPostLogin);
+  yield takeLeading(actions.verifyInviteToken, verifyInviteToken);
+}
+
+function* requestAuthorizeMock({
+  payload: firstTime
+}) {
+  if (firstTime) {
+    yield put(actions.setState({
+      isLoading: true
+    }));
+  }
+
+  const user = userDemo;
+  yield put(actions.loadTenants());
+  yield put(actions.setState({
+    user,
+    isAuthenticated: true,
+    isLoading: false
+  }));
+}
+
+export function* loginSagasMock() {
+  yield takeLeading(actions.requestAuthorize, requestAuthorizeMock);
+  yield takeLeading(actions.afterAuthNavigation, afterAuthNavigation);
+}