@frontegg/redux-store 7.58.0 → 7.60.0-alpha.0

package/mocks/auth-mocks/passwordRotationActions.mocks.js

@@ -0,0 +1,9 @@
+import { buildPasswordRotationActions } from '../../auth/PasswordRotationState';
+import { PasswordRotationStep } from '../../toolkit';
+import { mockActionsExpect } from '../helpers';
+export default ((store, api, actions) => {
+  const originalActions = buildPasswordRotationActions(store, api, actions);
+  const mockedActions = mockActionsExpect(originalActions, ['setStep']);
+  mockedActions.setStep(PasswordRotationStep.success);
+  return mockedActions;
+});

package/node/auth/LoginState/actions/handleVerifyMFAResponse.actions.js

@@ -7,6 +7,7 @@ exports.default = _default;
 var _restApi = require("@frontegg/rest-api");
 var _interfaces = require("../../MfaState/interfaces");
 var _interfaces2 = require("../interfaces");
+var _helpers = require("../../helpers");
 function _default(store, api, sharedActions) {
   const actions = sharedActions;
 
@@ -31,26 +32,42 @@ function _default(store, api, sharedActions) {
    * Additional steps for after MFA authentication with authenticator app handler for login flow
    * @param isAuthenticated
    */
-  const postHandleVerifyMFAResponseForLogin = async isAuthenticated => {
+  const postHandleVerifyMFAResponseForLogin = async (isAuthenticated, user) => {
     const loginState = store.auth.loginState;
     const mfaStep = store.auth.mfaState.step;
-    const [securityCenterLoginFlows] = await getFeatureFlags(['security-center-show-login-flows']);
+    const [securityCenterLoginFlows, passwordRotationFlagEnabled] = await actions.getFeatureFlags(['security-center-show-login-flows', 'password-rotation']);
     if (loginState.flow === _interfaces2.LoginFlow.Login) {
       if (securityCenterLoginFlows && loginState.isBreachedPassword && !isAuthenticated) {
         actions.setLoginState({
           step: _interfaces2.LoginStep.breachedPassword,
           loading: false
         });
+        return;
+      }
+      if (passwordRotationFlagEnabled && (0, _helpers.isResetPasswordRequired)(user, store.root.appName)) {
+        actions.setLoginState({
+          step: _interfaces2.LoginStep.passwordRotationExpired,
+          loading: false,
+          resetPasswordToken: user.resetPasswordToken,
+          userId: user.userId
+        });
+        return;
+      }
+      if (passwordRotationFlagEnabled && (0, _helpers.shouldShowPasswordRotationPromptFunc)(user)) {
+        actions.setLoginState({
+          step: _interfaces2.LoginStep.passwordRotationNotification,
+          loading: false
+        });
+        return;
+      }
+      const shouldShowPasskeysPrompt = await actions.__shouldShowPromptPasskeys();
+      if (mfaStep === _interfaces.MFAStep.smsVerifyCode && shouldShowPasskeysPrompt) {
+        actions.setLoginState({
+          step: _interfaces2.LoginStep.promptPasskeys,
+          loading: false
+        });
       } else {
-        const shouldShowPrompt = await actions.__shouldShowPromptPasskeys();
-        if (mfaStep === _interfaces.MFAStep.smsVerifyCode && shouldShowPrompt) {
-          actions.setLoginState({
-            step: _interfaces2.LoginStep.promptPasskeys,
-            loading: false
-          });
-        } else {
-          await actions.afterAuthNavigation();
-        }
+        await actions.afterAuthNavigation();
       }
     }
   };
@@ -87,7 +104,7 @@ function _default(store, api, sharedActions) {
     if (isStepUp) {
       return await postHandleVerifyMFAResponseForStepUp();
     }
-    return await postHandleVerifyMFAResponseForLogin(isAuthenticated);
+    return await postHandleVerifyMFAResponseForLogin(isAuthenticated, user);
   };
   return {
     postHandleVerifyMFAResponseForStepUp,

package/node/auth/LoginState/actions/index.js

@@ -472,50 +472,67 @@ var _default = (store, api, sharedActions) => {
           preserveQueryParams: true
         });
       } else {
-        const loginState = store.auth.loginState;
-        const isAuthenticated = !!user.accessToken;
-        if (user.id) {
-          localStorage.setItem('userId', user.id);
-        }
-        actions.afterAuthenticationStateUpdate({
-          user,
-          tenants,
-          activeTenant
-        }, {
-          loginState: {
-            flow: loginState.flow,
-            quickLoginToRegister: loginState.quickLoginToRegister,
-            email,
+        const [securityCenterLoginFlows, passwordRotationFlagEnabled] = await actions.getFeatureFlags(['security-center-show-login-flows', 'password-rotation']);
+        if (passwordRotationFlagEnabled && (0, _helpers3.isResetPasswordRequired)(user, store.root.appName)) {
+          setLoginState({
+            step: _interfaces.LoginStep.passwordRotationExpired,
             loading: false,
-            error: undefined,
-            mfaToken: user.mfaToken,
-            step: loginState.flow === _interfaces.LoginFlow.Login ? _interfaces.LoginStep.success : loginState.step,
+            resetPasswordToken: user.resetPasswordToken,
+            userId: user.userId
+          });
+        } else {
+          const loginState = store.auth.loginState;
+          const isAuthenticated = !!user.accessToken;
+          if (user.id) {
+            localStorage.setItem('userId', user.id);
+          }
+          actions.afterAuthenticationStateUpdate({
+            user,
             tenants,
-            tenantsLoading: true,
-            isBreachedPassword: user.isBreachedPassword
-          },
-          isAuthenticated
-        });
-        const [securityCenterLoginFlows] = await actions.getFeatureFlags(['security-center-show-login-flows']);
-        if (loginState.flow === _interfaces.LoginFlow.Login) {
-          if (securityCenterLoginFlows && user.isBreachedPassword && !isAuthenticated) {
-            setLoginState({
-              step: _interfaces.LoginStep.breachedPassword,
-              loading: false
-            });
-          } else {
-            if (isAuthenticated) {
-              const shouldShowPrompt = await actions.__shouldShowPromptPasskeys();
-              if (shouldShowPrompt) {
-                setLoginState({
-                  step: _interfaces.LoginStep.promptPasskeys,
-                  loading: false
-                });
-                onRedirectTo(routes.loginUrl, {
-                  preserveQueryParams: true
-                });
-              } else {
-                await actions.afterAuthNavigation();
+            activeTenant
+          }, {
+            loginState: {
+              flow: loginState.flow,
+              quickLoginToRegister: loginState.quickLoginToRegister,
+              email,
+              loading: false,
+              error: undefined,
+              mfaToken: user.mfaToken,
+              step: loginState.flow === _interfaces.LoginFlow.Login ? _interfaces.LoginStep.success : loginState.step,
+              tenants,
+              tenantsLoading: true,
+              isBreachedPassword: user.isBreachedPassword
+            },
+            isAuthenticated
+          });
+          if (loginState.flow === _interfaces.LoginFlow.Login) {
+            if (securityCenterLoginFlows && user.isBreachedPassword && !isAuthenticated) {
+              setLoginState({
+                step: _interfaces.LoginStep.breachedPassword,
+                loading: false
+              });
+            } else {
+              if (isAuthenticated) {
+                const shouldShowPasswordRotationPrompt = (0, _helpers2.shouldShowPasswordRotationPromptFunc)(user);
+                if (passwordRotationFlagEnabled && shouldShowPasswordRotationPrompt) {
+                  setLoginState({
+                    step: _interfaces.LoginStep.passwordRotationNotification,
+                    loading: false
+                  });
+                } else {
+                  const shouldShowPromptPasskeys = await actions.__shouldShowPromptPasskeys();
+                  if (shouldShowPromptPasskeys) {
+                    setLoginState({
+                      step: _interfaces.LoginStep.promptPasskeys,
+                      loading: false
+                    });
+                    onRedirectTo(routes.loginUrl, {
+                      preserveQueryParams: true
+                    });
+                  } else {
+                    await actions.afterAuthNavigation();
+                  }
+                }
               }
             }
           }

package/node/auth/LoginState/actions/mfaWithAuthenticator.actions.js

@@ -9,6 +9,7 @@ var _objectWithoutPropertiesLoose2 = _interopRequireDefault(require("@babel/runt
 var _extends2 = _interopRequireDefault(require("@babel/runtime/helpers/extends"));
 var _interfaces = require("../interfaces");
 var _helpers = require("../../../helpers");
+var _helpers2 = require("../../helpers");
 const _excluded = ["callback"];
 var _default = (store, api, sharedActions) => {
   const actions = sharedActions;
@@ -45,24 +46,41 @@ var _default = (store, api, sharedActions) => {
    * Handle after MFA authentication with authenticator app for login
    * @private
    */
-  async function __postLoginMfaAuthenticator(isAuthenticated, callback) {
+  async function __postLoginMfaAuthenticator(isAuthenticated, user, callback) {
     const loginState = store.auth.loginState;
     if (loginState.flow !== _interfaces.LoginFlow.Login) return;
-    const [securityCenterLoginFlows] = await actions.getFeatureFlags(['security-center-show-login-flows']);
+    const [securityCenterLoginFlows, passwordRotationFlagEnabled] = await actions.getFeatureFlags(['security-center-show-login-flows', 'password-rotation']);
     if (securityCenterLoginFlows && loginState.isBreachedPassword && !isAuthenticated) {
       actions.setLoginState({
         step: _interfaces.LoginStep.breachedPassword,
         loading: false
       });
     } else {
-      const shouldShowPrompt = await actions.__shouldShowPromptPasskeys();
-      if (shouldShowPrompt) {
+      if (passwordRotationFlagEnabled && (0, _helpers2.isResetPasswordRequired)(user, store.root.appName)) {
         actions.setLoginState({
-          step: _interfaces.LoginStep.promptPasskeys,
-          loading: false
+          step: _interfaces.LoginStep.passwordRotationExpired,
+          loading: false,
+          resetPasswordToken: user.resetPasswordToken,
+          userId: user.userId
         });
       } else {
-        await actions.afterAuthNavigation();
+        const shouldShowPasswordRotationPrompt = (0, _helpers2.shouldShowPasswordRotationPromptFunc)(user);
+        if (passwordRotationFlagEnabled && shouldShowPasswordRotationPrompt) {
+          actions.setLoginState({
+            step: _interfaces.LoginStep.passwordRotationNotification,
+            loading: false
+          });
+        } else {
+          const shouldShowPrompt = await actions.__shouldShowPromptPasskeys();
+          if (shouldShowPrompt) {
+            actions.setLoginState({
+              step: _interfaces.LoginStep.promptPasskeys,
+              loading: false
+            });
+          } else {
+            await actions.afterAuthNavigation();
+          }
+        }
       }
     }
     callback == null ? void 0 : callback(true);
@@ -116,7 +134,7 @@ var _default = (store, api, sharedActions) => {
       if (isStepUp) {
         return await __postStepUpMfaAuthenticator(callback);
       }
-      return await __postLoginMfaAuthenticator(isAuthenticated, callback);
+      return await __postLoginMfaAuthenticator(isAuthenticated, user, callback);
     } catch (e) {
       setLoadingAction({
         loading: false,

package/node/auth/LoginState/helpers.js

@@ -5,7 +5,7 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.isAbsoluteUrl = exports.getSearchParamsFromUrl = exports.getSearchParam = exports.getRedirectUrl = exports.getPathAndSearchParamsFromUrl = exports.getNumberOfMfaDevices = exports.getMfaStepForNotEnrolledUsers = exports.getMfaStepForEnrolledUsers = exports.getBaseNameWithoutSlashSuffix = exports.TENANT_ID_PARAM_KEY = void 0;
 exports.isEmailPayload = isEmailPayload;
-exports.isOauthCallbackRoute = void 0;
+exports.shouldShowPasswordRotationPromptFunc = exports.isOauthCallbackRoute = void 0;
 var _restApi = require("@frontegg/rest-api");
 var _interfaces = require("../MfaState/interfaces");
 const isAbsoluteUrl = path => {
@@ -151,4 +151,8 @@ const getBaseNameWithoutSlashSuffix = state => {
   }
   return basename;
 };
-exports.getBaseNameWithoutSlashSuffix = getBaseNameWithoutSlashSuffix;
+exports.getBaseNameWithoutSlashSuffix = getBaseNameWithoutSlashSuffix;
+const shouldShowPasswordRotationPromptFunc = user => {
+  return user.passwordExpiresIn !== undefined && user.notificationPeriod !== undefined && user.passwordExpiresIn <= user.notificationPeriod;
+};
+exports.shouldShowPasswordRotationPromptFunc = shouldShowPasswordRotationPromptFunc;

package/node/auth/LoginState/interfaces.js

@@ -29,6 +29,8 @@ exports.LoginStep = LoginStep;
   LoginStep["promptPasskeys"] = "promptPasskeys";
   LoginStep["breachedPassword"] = "breachedPassword";
   LoginStep["breachedPasswordSuccess"] = "breachedPasswordSuccess";
+  LoginStep["passwordRotationExpired"] = "passwordRotationExpired";
+  LoginStep["passwordRotationNotification"] = "passwordRotationNotification";
   LoginStep["magicLinkPostLoginSuccess"] = "magicLinkPostLoginSuccess";
 })(LoginStep || (exports.LoginStep = LoginStep = {}));
 let LoginFlow;

package/node/auth/PasswordRotationState/actions.js

@@ -0,0 +1,20 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+var _default = (store, api, sharedActions) => {
+  const setPasswordRotationState = payload => {
+    Object.assign(store.auth.passwordRotationState, payload);
+  };
+  const setStep = step => {
+    setPasswordRotationState({
+      step
+    });
+  };
+  return {
+    setStep
+  };
+};
+exports.default = _default;

package/node/auth/PasswordRotationState/index.js

@@ -0,0 +1,20 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "buildPasswordRotationActions", {
+  enumerable: true,
+  get: function () {
+    return _actions.default;
+  }
+});
+Object.defineProperty(exports, "createPasswordRotationState", {
+  enumerable: true,
+  get: function () {
+    return _state.default;
+  }
+});
+var _state = _interopRequireDefault(require("./state"));
+var _actions = _interopRequireDefault(require("./actions"));

package/node/auth/PasswordRotationState/interfaces.js

@@ -0,0 +1,12 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.PasswordRotationStep = void 0;
+let PasswordRotationStep;
+exports.PasswordRotationStep = PasswordRotationStep;
+(function (PasswordRotationStep) {
+  PasswordRotationStep["success"] = "success";
+  PasswordRotationStep["notification"] = "notification";
+})(PasswordRotationStep || (exports.PasswordRotationStep = PasswordRotationStep = {}));

package/node/auth/PasswordRotationState/state.js

@@ -0,0 +1,14 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.initialState = exports.default = void 0;
+var _interfaces = require("./interfaces");
+var _proxy = require("../../toolkit/proxy");
+const initialState = {
+  step: _interfaces.PasswordRotationStep.notification
+};
+exports.initialState = initialState;
+var _default = overrideState => (0, _proxy.createProxy)(initialState, overrideState);
+exports.default = _default;

package/node/auth/helpers.js

@@ -6,17 +6,18 @@ Object.defineProperty(exports, "__esModule", {
 });
 var _exportNames = {
   isMfaRequired: true,
+  isResetPasswordRequired: true,
   mapMetaDataObjectToActions: true,
   getUri: true,
   extractPhoneNumber: true,
   isAuthRoute: true
 };
-exports.mapMetaDataObjectToActions = exports.isMfaRequired = exports.isAuthRoute = exports.getUri = exports.extractPhoneNumber = void 0;
+exports.mapMetaDataObjectToActions = exports.isResetPasswordRequired = exports.isMfaRequired = exports.isAuthRoute = exports.getUri = exports.extractPhoneNumber = void 0;
 var _extends2 = _interopRequireDefault(require("@babel/runtime/helpers/extends"));
 var _objectWithoutPropertiesLoose2 = _interopRequireDefault(require("@babel/runtime/helpers/objectWithoutPropertiesLoose"));
 var _restApi = require("@frontegg/rest-api");
 var _consts = require("./LoginState/consts");
-var _helpers = require("./LoginState/helpers");
+var _helpers = require("./Entitlements/helpers");
 Object.keys(_helpers).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -28,7 +29,7 @@ Object.keys(_helpers).forEach(function (key) {
     }
   });
 });
-var _helpers2 = require("./StepUpState/helpers");
+var _helpers2 = require("./LoginState/helpers");
 Object.keys(_helpers2).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -40,7 +41,7 @@ Object.keys(_helpers2).forEach(function (key) {
     }
   });
 });
-var _helpers3 = require("./Entitlements/helpers");
+var _helpers3 = require("./StepUpState/helpers");
 Object.keys(_helpers3).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -60,13 +61,23 @@ const isMfaRequired = (user, appName) => {
     contextHolder.setAccessToken(null);
     contextHolder.setUser(null);
     return true;
-  } else {
-    contextHolder.setAccessToken(user.accessToken);
-    contextHolder.setUser(user);
-    return false;
   }
+  contextHolder.setAccessToken(user.accessToken);
+  contextHolder.setUser(user);
+  return false;
 };
 exports.isMfaRequired = isMfaRequired;
+const isResetPasswordRequired = (user, appName) => {
+  const contextHolder = _restApi.ContextHolder.for(appName);
+  if (user.resetPasswordToken) {
+    contextHolder.setAccessToken(null);
+    return true;
+  }
+  contextHolder.setAccessToken(user.accessToken);
+  contextHolder.setUser(user);
+  return false;
+};
+exports.isResetPasswordRequired = isResetPasswordRequired;
 const mapMetaDataObjectToActions = (obj, path = []) => {
   return Object.entries(obj).reduce((acc, [key, value]) => {
     if (typeof value === 'object') {