@kineticdata/react 6.1.6 → 7.0.0-rc1

package/lib/apis/core/authentication.test.js

@@ -0,0 +1,360 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault")["default"];
+var _regeneratorRuntime2 = _interopRequireDefault(require("@babel/runtime/helpers/esm/regeneratorRuntime"));
+var _asyncToGenerator2 = _interopRequireDefault(require("@babel/runtime/helpers/esm/asyncToGenerator"));
+var _util = require("util");
+var _axios = _interopRequireDefault(require("axios"));
+var _authentication = require("./authentication");
+// Polyfill TextEncoder for jsdom environment
+global.TextEncoder = _util.TextEncoder;
+jest.mock('../../helpers', function () {
+  return {
+    bundle: {
+      spaceLocation: function spaceLocation() {
+        return 'https://test.kinetic.com/space';
+      }
+    }
+  };
+});
+jest.mock('./profile', function () {
+  return {
+    fetchProfile: jest.fn()
+  };
+});
+
+/**
+ * Simulates the hidden iframe flow used by attemptAuthorize.
+ *
+ * @param {string|Function} hrefOrFn - Either a static href string the iframe
+ *   will "navigate" to, or a function called on each load that returns the href.
+ */
+function installIframeTrap(hrefOrFn) {
+  var origCreate = document.createElement.bind(document);
+  jest.spyOn(document, 'createElement').mockImplementation(function (tag) {
+    if (tag !== 'iframe') return origCreate(tag);
+    var iframe = origCreate('iframe');
+    var srcValue;
+    Object.defineProperty(iframe, 'src', {
+      get: function get() {
+        return srcValue;
+      },
+      set: function set(val) {
+        srcValue = val;
+        // Simulate async load on next microtask
+        Promise.resolve().then(function () {
+          var href = typeof hrefOrFn === 'function' ? hrefOrFn() : hrefOrFn;
+          Object.defineProperty(iframe, 'contentWindow', {
+            value: {
+              location: {
+                href: href
+              }
+            },
+            configurable: true
+          });
+          if (iframe.onload) iframe.onload();
+        });
+      }
+    });
+    return iframe;
+  });
+}
+
+/**
+ * Like installIframeTrap but the first onload triggers a cross-origin error
+ * before a second onload resolves with the given href.
+ */
+function installCrossOriginIframeTrap(successHref) {
+  var origCreate = document.createElement.bind(document);
+  var loadCount = 0;
+  jest.spyOn(document, 'createElement').mockImplementation(function (tag) {
+    if (tag !== 'iframe') return origCreate(tag);
+    var iframe = origCreate('iframe');
+    var srcValue;
+    Object.defineProperty(iframe, 'src', {
+      get: function get() {
+        return srcValue;
+      },
+      set: function set(val) {
+        srcValue = val;
+        Promise.resolve().then(function () {
+          loadCount++;
+          if (loadCount === 1) {
+            Object.defineProperty(iframe, 'contentWindow', {
+              get: function get() {
+                throw new DOMException('Blocked a frame');
+              },
+              configurable: true
+            });
+            if (iframe.onload) iframe.onload();
+
+            // Fire a second load with the successful response
+            Promise.resolve().then(function () {
+              Object.defineProperty(iframe, 'contentWindow', {
+                value: {
+                  location: {
+                    href: successHref
+                  }
+                },
+                configurable: true
+              });
+              if (iframe.onload) iframe.onload();
+            });
+          }
+        });
+      }
+    });
+    return iframe;
+  });
+}
+describe('authentication api', function () {
+  var savedCrypto;
+  beforeAll(function () {
+    savedCrypto = global.crypto;
+    Object.defineProperty(global, 'crypto', {
+      value: {
+        getRandomValues: jest.fn(function (array) {
+          array.fill(0);
+          return array;
+        }),
+        subtle: {
+          digest: jest.fn(function () {
+            return Promise.resolve(new Uint8Array(32).buffer);
+          })
+        }
+      },
+      writable: true
+    });
+  });
+  afterAll(function () {
+    Object.defineProperty(global, 'crypto', {
+      value: savedCrypto,
+      writable: true
+    });
+  });
+  afterEach(function () {
+    jest.restoreAllMocks();
+  });
+  describe('#login', function () {
+    test('posts credentials to the login endpoint', /*#__PURE__*/(0, _asyncToGenerator2["default"])( /*#__PURE__*/(0, _regeneratorRuntime2["default"])().mark(function _callee() {
+      return (0, _regeneratorRuntime2["default"])().wrap(function _callee$(_context) {
+        while (1) switch (_context.prev = _context.next) {
+          case 0:
+            _axios["default"].post = jest.fn(function () {
+              return Promise.resolve({
+                status: 200,
+                data: {}
+              });
+            });
+            _context.next = 3;
+            return (0, _authentication.login)({
+              username: 'admin',
+              password: 'secret'
+            });
+          case 3:
+            expect(_axios["default"].post).toHaveBeenCalledWith('https://test.kinetic.com/space/app/login.do', {
+              j_username: 'admin',
+              j_password: 'secret'
+            }, {
+              __bypassAuthInterceptor: true
+            });
+          case 4:
+          case "end":
+            return _context.stop();
+        }
+      }, _callee);
+    })));
+  });
+  describe('#logoutDirect', function () {
+    test('uses the standard logout endpoint', /*#__PURE__*/(0, _asyncToGenerator2["default"])( /*#__PURE__*/(0, _regeneratorRuntime2["default"])().mark(function _callee2() {
+      return (0, _regeneratorRuntime2["default"])().wrap(function _callee2$(_context2) {
+        while (1) switch (_context2.prev = _context2.next) {
+          case 0:
+            _axios["default"].get = jest.fn(function () {
+              return Promise.resolve({
+                status: 200
+              });
+            });
+            _context2.next = 3;
+            return (0, _authentication.logoutDirect)(false);
+          case 3:
+            expect(_axios["default"].get).toHaveBeenCalledWith('https://test.kinetic.com/space/app/logout');
+          case 4:
+          case "end":
+            return _context2.stop();
+        }
+      }, _callee2);
+    })));
+    test('uses the SAML logout endpoint when isSaml is true', /*#__PURE__*/(0, _asyncToGenerator2["default"])( /*#__PURE__*/(0, _regeneratorRuntime2["default"])().mark(function _callee3() {
+      return (0, _regeneratorRuntime2["default"])().wrap(function _callee3$(_context3) {
+        while (1) switch (_context3.prev = _context3.next) {
+          case 0:
+            _axios["default"].get = jest.fn(function () {
+              return Promise.resolve({
+                status: 200
+              });
+            });
+            _context3.next = 3;
+            return (0, _authentication.logoutDirect)(true);
+          case 3:
+            expect(_axios["default"].get).toHaveBeenCalledWith('https://test.kinetic.com/space/app/saml2/logout');
+          case 4:
+          case "end":
+            return _context3.stop();
+        }
+      }, _callee3);
+    })));
+  });
+  describe('#retrieveJwt', function () {
+    test('returns the access token on success', /*#__PURE__*/(0, _asyncToGenerator2["default"])( /*#__PURE__*/(0, _regeneratorRuntime2["default"])().mark(function _callee4() {
+      var fakeToken, token, params;
+      return (0, _regeneratorRuntime2["default"])().wrap(function _callee4$(_context4) {
+        while (1) switch (_context4.prev = _context4.next) {
+          case 0:
+            fakeToken = 'jwt-token-123';
+            _axios["default"].post = jest.fn(function () {
+              return Promise.resolve({
+                data: {
+                  access_token: fakeToken
+                }
+              });
+            });
+            installIframeTrap("".concat(window.location.origin, "/app/oauth/callback?code=auth-code-xyz"));
+            _context4.next = 5;
+            return (0, _authentication.retrieveJwt)();
+          case 5:
+            token = _context4.sent;
+            expect(token).toBe(fakeToken);
+            expect(_axios["default"].post).toHaveBeenCalledWith('https://test.kinetic.com/space/app/oauth2/token', expect.any(URLSearchParams), expect.objectContaining({
+              headers: {
+                'Content-Type': 'application/x-www-form-urlencoded'
+              },
+              __bypassAuthInterceptor: true,
+              __bypassInitInterceptor: true
+            }));
+            params = _axios["default"].post.mock.calls[0][1];
+            expect(params.get('grant_type')).toBe('authorization_code');
+            expect(params.get('code')).toBe('auth-code-xyz');
+            expect(params.get('redirect_uri')).toContain('/app/oauth/callback');
+          case 12:
+          case "end":
+            return _context4.stop();
+        }
+      }, _callee4);
+    })));
+    test('returns undefined when the user is unauthenticated', /*#__PURE__*/(0, _asyncToGenerator2["default"])( /*#__PURE__*/(0, _regeneratorRuntime2["default"])().mark(function _callee5() {
+      var token;
+      return (0, _regeneratorRuntime2["default"])().wrap(function _callee5$(_context5) {
+        while (1) switch (_context5.prev = _context5.next) {
+          case 0:
+            installIframeTrap('https://test.kinetic.com/space/app/login');
+            _context5.next = 3;
+            return (0, _authentication.retrieveJwt)();
+          case 3:
+            token = _context5.sent;
+            expect(token).toBeUndefined();
+          case 5:
+          case "end":
+            return _context5.stop();
+        }
+      }, _callee5);
+    })));
+    test('returns undefined on OAuth error', /*#__PURE__*/(0, _asyncToGenerator2["default"])( /*#__PURE__*/(0, _regeneratorRuntime2["default"])().mark(function _callee6() {
+      var token;
+      return (0, _regeneratorRuntime2["default"])().wrap(function _callee6$(_context6) {
+        while (1) switch (_context6.prev = _context6.next) {
+          case 0:
+            installIframeTrap("".concat(window.location.origin, "/app/oauth/callback?error=server_error"));
+            _context6.next = 3;
+            return (0, _authentication.retrieveJwt)();
+          case 3:
+            token = _context6.sent;
+            expect(token).toBeUndefined();
+          case 5:
+          case "end":
+            return _context6.stop();
+        }
+      }, _callee6);
+    })));
+    test('returns undefined when token exchange fails', /*#__PURE__*/(0, _asyncToGenerator2["default"])( /*#__PURE__*/(0, _regeneratorRuntime2["default"])().mark(function _callee7() {
+      var token;
+      return (0, _regeneratorRuntime2["default"])().wrap(function _callee7$(_context7) {
+        while (1) switch (_context7.prev = _context7.next) {
+          case 0:
+            installIframeTrap("".concat(window.location.origin, "/app/oauth/callback?code=some-code"));
+            _axios["default"].post = jest.fn(function () {
+              return Promise.reject(new Error('network error'));
+            });
+            jest.spyOn(console, 'error').mockImplementation(function () {});
+            _context7.next = 5;
+            return (0, _authentication.retrieveJwt)();
+          case 5:
+            token = _context7.sent;
+            expect(token).toBeUndefined();
+          case 7:
+          case "end":
+            return _context7.stop();
+        }
+      }, _callee7);
+    })));
+    test('returns undefined when authorization times out', /*#__PURE__*/(0, _asyncToGenerator2["default"])( /*#__PURE__*/(0, _regeneratorRuntime2["default"])().mark(function _callee8() {
+      var origCreate, promise, token;
+      return (0, _regeneratorRuntime2["default"])().wrap(function _callee8$(_context8) {
+        while (1) switch (_context8.prev = _context8.next) {
+          case 0:
+            jest.useFakeTimers();
+            jest.spyOn(console, 'error').mockImplementation(function () {});
+
+            // Install an iframe trap that never fires onload
+            origCreate = document.createElement.bind(document);
+            jest.spyOn(document, 'createElement').mockImplementation(function (tag) {
+              if (tag !== 'iframe') return origCreate(tag);
+              var iframe = origCreate('iframe');
+              Object.defineProperty(iframe, 'src', {
+                get: function get() {
+                  return '';
+                },
+                set: function set() {}
+              });
+              return iframe;
+            });
+            promise = (0, _authentication.retrieveJwt)();
+            jest.advanceTimersByTime(15000);
+            _context8.next = 8;
+            return promise;
+          case 8:
+            token = _context8.sent;
+            expect(token).toBeUndefined();
+            jest.useRealTimers();
+          case 11:
+          case "end":
+            return _context8.stop();
+        }
+      }, _callee8);
+    })));
+    test('handles cross-origin iframe errors gracefully during redirects', /*#__PURE__*/(0, _asyncToGenerator2["default"])( /*#__PURE__*/(0, _regeneratorRuntime2["default"])().mark(function _callee9() {
+      var token;
+      return (0, _regeneratorRuntime2["default"])().wrap(function _callee9$(_context9) {
+        while (1) switch (_context9.prev = _context9.next) {
+          case 0:
+            installCrossOriginIframeTrap("".concat(window.location.origin, "/app/oauth/callback?code=final-code"));
+            _axios["default"].post = jest.fn(function () {
+              return Promise.resolve({
+                data: {
+                  access_token: 'cross-origin-token'
+                }
+              });
+            });
+            _context9.next = 4;
+            return (0, _authentication.retrieveJwt)();
+          case 4:
+            token = _context9.sent;
+            expect(token).toBe('cross-origin-token');
+          case 6:
+          case "end":
+            return _context9.stop();
+        }
+      }, _callee9);
+    })));
+  });
+});

package/lib/apis/core/customIndexes.js

@@ -0,0 +1,102 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault")["default"];
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.fetchCustomIndexes = exports.deleteCustomIndex = exports.createCustomIndex = void 0;
+var _axios = _interopRequireDefault(require("axios"));
+var _helpers = require("../../helpers");
+var _http = require("../http");
+var indexesUrl = function indexesUrl(_ref) {
+  var kappSlug = _ref.kappSlug,
+    formSlug = _ref.formSlug;
+  return "".concat(_helpers.bundle.apiLocation(), "/kapps/").concat(encodeURIComponent(kappSlug), "/forms/").concat(encodeURIComponent(formSlug), "/indexes");
+};
+var indexUrl = function indexUrl(_ref2) {
+  var kappSlug = _ref2.kappSlug,
+    formSlug = _ref2.formSlug,
+    indexName = _ref2.indexName;
+  return "".concat(indexesUrl({
+    kappSlug: kappSlug,
+    formSlug: formSlug
+  }), "/").concat(encodeURIComponent(indexName));
+};
+
+// `key` is server-populated on response and ignored on request. Strip it
+// defensively in case a caller round-trips a fetched index back into create.
+var sanitizePart = function sanitizePart(part) {
+  return {
+    type: part.type,
+    name: part.name
+  };
+};
+
+/**
+ * Fetches all custom Postgres indexes defined on a form.
+ *
+ * @param {Object} options
+ * @param {string} options.kappSlug
+ * @param {string} options.formSlug
+ * @returns {Promise<{indexes: Object[]}>}
+ */
+var fetchCustomIndexes = exports.fetchCustomIndexes = function fetchCustomIndexes() {
+  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  (0, _http.validateOptions)('fetchCustomIndexes', ['kappSlug', 'formSlug'], options);
+  return _axios["default"].get(indexesUrl(options), {
+    params: (0, _http.paramBuilder)(options),
+    headers: (0, _http.headerBuilder)(options)
+  }).then(function (response) {
+    return {
+      indexes: response.data.indexes
+    };
+  })["catch"](_http.handleErrors);
+};
+
+/**
+ * Creates a custom Postgres index on a form's submissions.
+ *
+ * @param {Object} options
+ * @param {string} options.kappSlug
+ * @param {string} options.formSlug
+ * @param {{name: string, unique?: boolean, parts: Array<{type: 'value'|'property', name: string}>}} options.index
+ * @returns {Promise<{index: Object}|{error: Object}>}
+ */
+var createCustomIndex = exports.createCustomIndex = function createCustomIndex() {
+  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  (0, _http.validateOptions)('createCustomIndex', ['kappSlug', 'formSlug', 'index'], options);
+  var index = options.index;
+  var payload = {
+    name: index.name,
+    unique: !!index.unique,
+    parts: (index.parts || []).map(sanitizePart)
+  };
+  return _axios["default"].post(indexesUrl(options), payload, {
+    params: (0, _http.paramBuilder)(options),
+    headers: (0, _http.headerBuilder)(options)
+  }).then(function (response) {
+    return {
+      index: response.data.index
+    };
+  })["catch"](_http.handleErrors);
+};
+
+/**
+ * Drops a custom Postgres index by name.
+ *
+ * @param {Object} options
+ * @param {string} options.kappSlug
+ * @param {string} options.formSlug
+ * @param {string} options.indexName
+ * @returns {Promise<{}|{error: Object}>}
+ */
+var deleteCustomIndex = exports.deleteCustomIndex = function deleteCustomIndex() {
+  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  (0, _http.validateOptions)('deleteCustomIndex', ['kappSlug', 'formSlug', 'indexName'], options);
+  return _axios["default"]["delete"](indexUrl(options), {
+    params: (0, _http.paramBuilder)(options),
+    headers: (0, _http.headerBuilder)(options)
+  }).then(function () {
+    return {};
+  })["catch"](_http.handleErrors);
+};