@kwiz/common 1.0.127 → 1.0.129

package/src/utils/auth/common.ts

@@ -1,74 +1,119 @@
-import { isNullOrEmptyString, isNullOrUndefined } from "../../helpers/typecheckers";
-import { SPFxAuthTokenType } from "../../types/auth";
-import { GetJson, shortLocalCache } from "../rest";
-import { GetRestBaseUrl } from "../sharepoint.rest/common";
-
-export function GetTokenAudiencePrefix(appId: string) {
-    return `api://${appId}`;
-}
-export function GetDefaultScope(appId: string) {
-    return `${GetTokenAudiencePrefix(appId)}/access_as_user`;
-}
-export function GetMSALSiteScope(hostName: string) {
-    return `https://${hostName}`;
-}
-
-/** Acquire an authorization token for a Outlook, Graph, or SharePoint the same way SPFx clients do */
-export async function GetSPFxClientAuthToken(siteUrl: string, spfxTokenType: SPFxAuthTokenType = SPFxAuthTokenType.Graph) {
-    try {
-        let acquireURL = `${GetRestBaseUrl(siteUrl)}/SP.OAuth.Token/Acquire`;
-
-        //todo: add all the resource end points (ie. OneNote, Yammer, Stream)
-        let resource = "";
-        let isSPOToken = false;
-        switch (spfxTokenType) {
-            case SPFxAuthTokenType.Outlook:
-                resource = "https://outlook.office365.com";
-                break;
-            case SPFxAuthTokenType.SharePoint:
-            case SPFxAuthTokenType.MySite:
-                isSPOToken = true;
-                resource = new URL(acquireURL).origin;
-                if (spfxTokenType === SPFxAuthTokenType.MySite) {
-                    let split = resource.split(".");
-                    split[0] += "-my";
-                    resource = split.join(".");
-                }
-                break;
-            case SPFxAuthTokenType.MySite:
-                resource = new URL(acquireURL).origin
-                break;
-            default:
-                resource = "https://graph.microsoft.com";
-        }
-
-        let data = {
-            resource: resource,
-            tokenType: isSPOToken ? "SPO" : undefined
-        };
-
-        let result = await GetJson<{
-            access_token: string;
-            expires_on: string;
-            resource: string;
-            scope: string;
-            token_type: string;
-        }>(
-            acquireURL,
-            JSON.stringify(data),
-            {
-                ...shortLocalCache,
-                postCacheKey: `${spfxTokenType}_${_spPageContextInfo.webId}`,
-                includeDigestInPost: true,
-                headers: {
-                    "Accept": "application/json;odata.metadata=minimal",
-                    "content-type": "application/json; charset=UTF-8",
-                    "odata-version": "4.0",
-                }
-            });
-
-        return !isNullOrUndefined(result) && !isNullOrEmptyString(result.access_token) ? result.access_token : null;
-    } catch {
-    }
-    return null;
-}
+import { getCacheItem, IRestOptions, setCacheItem } from "../../exports-index";
+import { isNullOrEmptyString, isNullOrUndefined, isNumber } from "../../helpers/typecheckers";
+import { SPFxAuthToken, SPFxAuthTokenType } from "../../types/auth";
+import { GetJson, GetJsonSync } from "../rest";
+import { GetRestBaseUrl } from "../sharepoint.rest/common";
+
+export function GetTokenAudiencePrefix(appId: string) {
+    return `api://${appId}`;
+}
+export function GetDefaultScope(appId: string) {
+    return `${GetTokenAudiencePrefix(appId)}/access_as_user`;
+}
+export function GetMSALSiteScope(hostName: string) {
+    return `https://${hostName}`;
+}
+
+function _getGetSPFxClientAuthTokenParams(siteUrl: string, spfxTokenType: SPFxAuthTokenType = SPFxAuthTokenType.Graph) {
+    let acquireURL = `${GetRestBaseUrl(siteUrl)}/SP.OAuth.Token/Acquire`;
+    //todo: add all the resource end points (ie. OneNote, Yammer, Stream)
+    let resource = "";
+    let isSPOToken = false;
+    switch (spfxTokenType) {
+        case SPFxAuthTokenType.Outlook:
+            resource = "https://outlook.office365.com/search";
+            break;
+        case SPFxAuthTokenType.SharePoint:
+        case SPFxAuthTokenType.MySite:
+            isSPOToken = true;
+            resource = new URL(acquireURL).origin;
+            if (spfxTokenType === SPFxAuthTokenType.MySite) {
+                let split = resource.split(".");
+                split[0] += "-my";
+                resource = split.join(".");
+            }
+            break;
+        default:
+            resource = "https://graph.microsoft.com";
+    }
+
+    let data = {
+        resource: resource,
+        tokenType: isSPOToken ? "SPO" : undefined
+    };
+
+    let params: {
+        url: string,
+        body: string,
+        options: IRestOptions
+    } = {
+        url: acquireURL,
+        body: JSON.stringify(data),
+        options: {
+            allowCache: false,
+            // ...shortLocalCache,
+            // postCacheKey: `${spfxTokenType}_${_spPageContextInfo.webId}`,
+            includeDigestInPost: true,
+            headers: {
+                "Accept": "application/json;odata.metadata=minimal",
+                "content-type": "application/json; charset=UTF-8",
+                "odata-version": "4.0",
+            }
+        }
+    };
+
+    return params;
+}
+
+function _parseAndCacheGetSPFxClientAuthTokenResult(result: SPFxAuthToken, spfxTokenType: SPFxAuthTokenType = SPFxAuthTokenType.Graph) {
+    if (!isNullOrUndefined(result) && !isNullOrEmptyString(result.access_token)) {
+        let expiration = isNumber(result.expires_on) ?
+            new Date(result.expires_on * 1000) :
+            {
+                minutes: 15
+            };
+
+        setCacheItem(`access_token_${spfxTokenType}_${_spPageContextInfo.webId}`, result.access_token, expiration);
+
+        return result.access_token;
+    }
+    return null;
+}
+
+function _getSPFxClientAuthTokenFromCache(spfxTokenType: SPFxAuthTokenType = SPFxAuthTokenType.Graph) {
+    let cachedToken = getCacheItem<string>(`access_token_${spfxTokenType}_${_spPageContextInfo.webId}`);
+    if (!isNullOrEmptyString(cachedToken)) {
+        return cachedToken;
+    }
+    return null;
+}
+
+/** Acquire an authorization token for a Outlook, Graph, or SharePoint the same way SPFx clients do */
+export async function GetSPFxClientAuthToken(siteUrl: string, spfxTokenType: SPFxAuthTokenType = SPFxAuthTokenType.Graph) {
+    try {
+        let cachedToken = _getSPFxClientAuthTokenFromCache(spfxTokenType);
+        if (!isNullOrEmptyString(cachedToken)) {
+            return cachedToken;
+        }
+        let { url, body, options } = _getGetSPFxClientAuthTokenParams(siteUrl, spfxTokenType);
+        let result = await GetJson<SPFxAuthToken>(url, body, options);
+        return _parseAndCacheGetSPFxClientAuthTokenResult(result, spfxTokenType);
+    } catch {
+    }
+    return null;
+}
+
+/** Acquire an authorization token for a Outlook, Graph, or SharePoint the same way SPFx clients do */
+export function GetSPFxClientAuthTokenSync(siteUrl: string, spfxTokenType: SPFxAuthTokenType = SPFxAuthTokenType.Graph) {
+    try {
+        let cachedToken = _getSPFxClientAuthTokenFromCache(spfxTokenType);
+        if (!isNullOrEmptyString(cachedToken)) {
+            return cachedToken;
+        }
+        let { url, body, options } = _getGetSPFxClientAuthTokenParams(siteUrl, spfxTokenType);
+        let response = GetJsonSync<SPFxAuthToken>(url, body, options);
+        return _parseAndCacheGetSPFxClientAuthTokenResult(response.result, spfxTokenType);
+    } catch {
+    }
+    return null;
+}

package/src/utils/auth/discovery.test.js

@@ -1,13 +1,13 @@
-import assert from 'assert/strict';
-import test from 'node:test';
-import { normalizeGuid } from '../../helpers/strings';
-import { isValidGuid } from '../../helpers/typecheckers';
-import { DiscoverTenantInfo } from './discovery';
-
-test('DiscoverTenantInfo', async t => {
-    global.XMLHttpRequest = require('xhr2');
-    let info = await DiscoverTenantInfo("kwizcomdev.sharepoint.com");
-    await t.test("response not null/undefined", t => assert.notDeepEqual(info, null) && assert.notDeepEqual(info, undefined));
-    await t.test("has valid guid", t => assert.deepEqual(isValidGuid(info && info.idOrName), true));
-    await t.test("has correct guid", t => assert.deepEqual(normalizeGuid(info && info.idOrName), normalizeGuid("3bf37eb8-6c20-45a9-aff6-ac72d276f375")));
+import assert from 'assert/strict';
+import test from 'node:test';
+import { normalizeGuid } from '../../helpers/strings';
+import { isValidGuid } from '../../helpers/typecheckers';
+import { DiscoverTenantInfo } from './discovery';
+
+test('DiscoverTenantInfo', async t => {
+    global.XMLHttpRequest = require('xhr2');
+    let info = await DiscoverTenantInfo("kwizcomdev.sharepoint.com");
+    await t.test("response not null/undefined", t => assert.notDeepEqual(info, null) && assert.notDeepEqual(info, undefined));
+    await t.test("has valid guid", t => assert.deepEqual(isValidGuid(info && info.idOrName), true));
+    await t.test("has correct guid", t => assert.deepEqual(normalizeGuid(info && info.idOrName), normalizeGuid("3bf37eb8-6c20-45a9-aff6-ac72d276f375")));
 });

package/src/utils/auth/discovery.ts

@@ -1,132 +1,132 @@
-import { promiseOnce } from "../../helpers/promises";
-import { isNullOrEmptyString, isValidGuid } from "../../helpers/typecheckers";
-import { AzureEnvironment, ITenantInfo } from "../../types/auth";
-import { GetJson, GetJsonSync } from "../rest";
-
-interface IOpenidConfiguration {
-    token_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/oauth2/token
-    cloud_instance_name: string;//microsoftonline.com
-    token_endpoint_auth_methods_supported: string[];// ["client_secret_post", "private_key_jwt", "client_secret_basic"]
-    response_modes_supported: string[];// ["query", "fragment", "form_post"]
-    response_types_supported: string[];// ["code", "id_token", "code id_token", "token id_token", "token"]
-    scopes_supported: string[];// ["openid"]
-    issuer: string;//https://sts.windows.net/7d034656-be03-457d-8d82-60e90cf5f400/
-    authorization_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/oauth2/authorize
-    device_authorization_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/oauth2/devicecode
-    end_session_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/oauth2/logout
-    userinfo_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/openid/userinfo
-    tenant_region_scope: string;//NA
-    cloud_graph_host_name: string;//graph.windows.net
-    msgraph_host: string;//graph.microsoft.com
-}
-
-function _getFriendlyName(hostName: string) {
-    if (hostName.indexOf(".sharepoint.") !== -1) {
-        let hostParts = hostName.split('.');//should be xxx.sharepoint.com or xxx.sharepoint.us
-        let firstHostPart = hostParts[0];
-        let lastHostPart = hostParts[hostParts.length - 1] === "us" || hostParts[hostParts.length - 1] === "de" ? hostParts[hostParts.length - 1] : "com";
-        if (firstHostPart.endsWith("-admin")) firstHostPart = firstHostPart.substring(0, firstHostPart.length - 6);
-        return `${firstHostPart}.onmicrosoft.${lastHostPart}`;
-    }
-    else {
-        return hostName;//could be an exchange email domain, or bpos customer
-    }
-}
-
-function _getOpenIdConfigurationUrl(friendlyName: string) {
-    return `https://login.microsoftonline.com/${friendlyName}/v2.0/.well-known/openid-configuration`;
-}
-
-function _processOpenidConfiguration(config: IOpenidConfiguration, friendlyName: string) {
-    let data: ITenantInfo = {
-        environment: AzureEnvironment.Production,
-        idOrName: null,
-        authorityUrl: null,
-        valid: false
-    };
-
-    let endpoint = config.token_endpoint;//https://xxxx/{tenant}/....
-    let tenantId = endpoint.replace("//", "/").split('/')[2];//replace :// with :/ split by / and take the second part.
-    let instance = config.cloud_instance_name;//microsoftonline.us
-
-    data.environment = GetEnvironmentFromACSEndPoint(instance);
-    if (!isNullOrEmptyString(tenantId) || isValidGuid(tenantId)) {
-        data.idOrName = tenantId;
-    } else {
-        data.idOrName = friendlyName;
-    }
-
-    data.authorityUrl = `${GetAzureADLoginEndPoint(data.environment)}/${data.idOrName}`;
-    data.valid = true;
-
-    return data;
-}
-
-export function DiscoverTenantInfo(hostName: string, sync?: false): Promise<ITenantInfo>
-export function DiscoverTenantInfo(hostName: string, sync: true): ITenantInfo
-export function DiscoverTenantInfo(hostName: string, sync?: boolean): ITenantInfo | Promise<ITenantInfo> {
-    hostName = hostName.toLowerCase();
-
-    let friendlyName = _getFriendlyName(hostName);
-    let url = _getOpenIdConfigurationUrl(friendlyName);
-
-    if (sync === true) {
-        try {
-            let response = GetJsonSync<IOpenidConfiguration>(url);
-            let config = response.result;
-            let data = _processOpenidConfiguration(config, friendlyName);
-            return data;
-        } catch (ex) {
-            console.log(ex);
-        }
-        return null;
-    } else {
-        return promiseOnce(`DiscoverTenantInfo|${hostName}`, async () => {
-            try {
-                let config = await GetJson<IOpenidConfiguration>(url);
-                let data = _processOpenidConfiguration(config, friendlyName);
-                return data;
-            }
-            catch (ex) {
-                console.log(ex);
-            }
-            return null;
-        });
-    }
-}
-
-export function AutoDiscoverTenantInfo(sync?: false): Promise<ITenantInfo>
-export function AutoDiscoverTenantInfo(sync: true): ITenantInfo
-export function AutoDiscoverTenantInfo(sync?: boolean): ITenantInfo | Promise<ITenantInfo> {
-    if (sync === true) {
-        return DiscoverTenantInfo(window.location.hostname.toLowerCase(), true);
-    }
-    return DiscoverTenantInfo(window.location.hostname.toLowerCase(), false);
-}
-
-export function GetEnvironmentFromACSEndPoint(ACSEndPoint: string): AzureEnvironment {
-    switch (ACSEndPoint) {
-        case "microsoftonline.us":
-            return AzureEnvironment.USGovernment;
-        case "microsoftonline.de":
-            return AzureEnvironment.Germany;
-        case "accesscontrol.chinacloudapi.cn":
-            return AzureEnvironment.China;
-        case "windows-ppe.net":
-            return AzureEnvironment.PPE;
-        case "accesscontrol.windows.net":
-        default:
-            return AzureEnvironment.Production;
-    }
-}
-export function GetAzureADLoginEndPoint(environment: AzureEnvironment): string {
-    switch (environment) {
-        case AzureEnvironment.Germany: return "https://login.microsoftonline.de";
-        case AzureEnvironment.China: return "https://login.chinacloudapi.cn";
-        case AzureEnvironment.USGovernment: return "https://login.microsoftonline.us";
-        case AzureEnvironment.PPE: return "https://login.windows-ppe.net";
-        case AzureEnvironment.Production:
-        default:
-            return "https://login.microsoftonline.com";
-    }
-}
+import { promiseOnce } from "../../helpers/promises";
+import { isNullOrEmptyString, isValidGuid } from "../../helpers/typecheckers";
+import { AzureEnvironment, ITenantInfo } from "../../types/auth";
+import { GetJson, GetJsonSync } from "../rest";
+
+interface IOpenidConfiguration {
+    token_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/oauth2/token
+    cloud_instance_name: string;//microsoftonline.com
+    token_endpoint_auth_methods_supported: string[];// ["client_secret_post", "private_key_jwt", "client_secret_basic"]
+    response_modes_supported: string[];// ["query", "fragment", "form_post"]
+    response_types_supported: string[];// ["code", "id_token", "code id_token", "token id_token", "token"]
+    scopes_supported: string[];// ["openid"]
+    issuer: string;//https://sts.windows.net/7d034656-be03-457d-8d82-60e90cf5f400/
+    authorization_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/oauth2/authorize
+    device_authorization_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/oauth2/devicecode
+    end_session_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/oauth2/logout
+    userinfo_endpoint: string;//https://login.microsoftonline.com/7d034656-be03-457d-8d82-60e90cf5f400/openid/userinfo
+    tenant_region_scope: string;//NA
+    cloud_graph_host_name: string;//graph.windows.net
+    msgraph_host: string;//graph.microsoft.com
+}
+
+function _getFriendlyName(hostName: string) {
+    if (hostName.indexOf(".sharepoint.") !== -1) {
+        let hostParts = hostName.split('.');//should be xxx.sharepoint.com or xxx.sharepoint.us
+        let firstHostPart = hostParts[0];
+        let lastHostPart = hostParts[hostParts.length - 1] === "us" || hostParts[hostParts.length - 1] === "de" ? hostParts[hostParts.length - 1] : "com";
+        if (firstHostPart.endsWith("-admin")) firstHostPart = firstHostPart.substring(0, firstHostPart.length - 6);
+        return `${firstHostPart}.onmicrosoft.${lastHostPart}`;
+    }
+    else {
+        return hostName;//could be an exchange email domain, or bpos customer
+    }
+}
+
+function _getOpenIdConfigurationUrl(friendlyName: string) {
+    return `https://login.microsoftonline.com/${friendlyName}/v2.0/.well-known/openid-configuration`;
+}
+
+function _processOpenidConfiguration(config: IOpenidConfiguration, friendlyName: string) {
+    let data: ITenantInfo = {
+        environment: AzureEnvironment.Production,
+        idOrName: null,
+        authorityUrl: null,
+        valid: false
+    };
+
+    let endpoint = config.token_endpoint;//https://xxxx/{tenant}/....
+    let tenantId = endpoint.replace("//", "/").split('/')[2];//replace :// with :/ split by / and take the second part.
+    let instance = config.cloud_instance_name;//microsoftonline.us
+
+    data.environment = GetEnvironmentFromACSEndPoint(instance);
+    if (!isNullOrEmptyString(tenantId) || isValidGuid(tenantId)) {
+        data.idOrName = tenantId;
+    } else {
+        data.idOrName = friendlyName;
+    }
+
+    data.authorityUrl = `${GetAzureADLoginEndPoint(data.environment)}/${data.idOrName}`;
+    data.valid = true;
+
+    return data;
+}
+
+export function DiscoverTenantInfo(hostName: string, sync?: false): Promise<ITenantInfo>
+export function DiscoverTenantInfo(hostName: string, sync: true): ITenantInfo
+export function DiscoverTenantInfo(hostName: string, sync?: boolean): ITenantInfo | Promise<ITenantInfo> {
+    hostName = hostName.toLowerCase();
+
+    let friendlyName = _getFriendlyName(hostName);
+    let url = _getOpenIdConfigurationUrl(friendlyName);
+
+    if (sync === true) {
+        try {
+            let response = GetJsonSync<IOpenidConfiguration>(url);
+            let config = response.result;
+            let data = _processOpenidConfiguration(config, friendlyName);
+            return data;
+        } catch (ex) {
+            console.log(ex);
+        }
+        return null;
+    } else {
+        return promiseOnce(`DiscoverTenantInfo|${hostName}`, async () => {
+            try {
+                let config = await GetJson<IOpenidConfiguration>(url);
+                let data = _processOpenidConfiguration(config, friendlyName);
+                return data;
+            }
+            catch (ex) {
+                console.log(ex);
+            }
+            return null;
+        });
+    }
+}
+
+export function AutoDiscoverTenantInfo(sync?: false): Promise<ITenantInfo>
+export function AutoDiscoverTenantInfo(sync: true): ITenantInfo
+export function AutoDiscoverTenantInfo(sync?: boolean): ITenantInfo | Promise<ITenantInfo> {
+    if (sync === true) {
+        return DiscoverTenantInfo(window.location.hostname.toLowerCase(), true);
+    }
+    return DiscoverTenantInfo(window.location.hostname.toLowerCase(), false);
+}
+
+export function GetEnvironmentFromACSEndPoint(ACSEndPoint: string): AzureEnvironment {
+    switch (ACSEndPoint) {
+        case "microsoftonline.us":
+            return AzureEnvironment.USGovernment;
+        case "microsoftonline.de":
+            return AzureEnvironment.Germany;
+        case "accesscontrol.chinacloudapi.cn":
+            return AzureEnvironment.China;
+        case "windows-ppe.net":
+            return AzureEnvironment.PPE;
+        case "accesscontrol.windows.net":
+        default:
+            return AzureEnvironment.Production;
+    }
+}
+export function GetAzureADLoginEndPoint(environment: AzureEnvironment): string {
+    switch (environment) {
+        case AzureEnvironment.Germany: return "https://login.microsoftonline.de";
+        case AzureEnvironment.China: return "https://login.chinacloudapi.cn";
+        case AzureEnvironment.USGovernment: return "https://login.microsoftonline.us";
+        case AzureEnvironment.PPE: return "https://login.windows-ppe.net";
+        case AzureEnvironment.Production:
+        default:
+            return "https://login.microsoftonline.com";
+    }
+}

package/src/utils/base64.ts

@@ -1,28 +1,28 @@
-import { blobToBase64 } from "../helpers/base64";
-import { isNullOrEmptyString } from "../helpers/typecheckers";
-import { GetJson } from "./rest";
-import { GetFile } from "./sharepoint.rest/file.folder";
-
-/** if the file is in SharePoint, provide a siteRelativeUrl so that we can get the file value via REST api to avoid CORS error when accessing a file on the site from within the app web */
-export async function imageToBase64(imageSrc: string, siteRelativeUrl?: string): Promise<string> {
-    try {
-        let fileBlob: Blob = null;
-        if (!isNullOrEmptyString(siteRelativeUrl) && imageSrc.toLowerCase().indexOf(siteRelativeUrl.toLowerCase()) >= 0) {
-            let spFile = await GetFile<Blob>(siteRelativeUrl, imageSrc, true, "blob");
-            if (spFile && spFile.Exists)
-                fileBlob = spFile.Content;
-        }
-
-        //try simple rest if the first option failed
-        if (fileBlob === null) {
-            fileBlob = await GetJson<Blob>(imageSrc, null, { responseType: "blob", allowCache: true });
-        }
-
-        if (fileBlob) {
-            let base64 = await blobToBase64(fileBlob);
-            return base64;
-        }
-    } catch (e) {
-    }
-    return null;
+import { blobToBase64 } from "../helpers/base64";
+import { isNullOrEmptyString } from "../helpers/typecheckers";
+import { GetJson } from "./rest";
+import { GetFile } from "./sharepoint.rest/file.folder";
+
+/** if the file is in SharePoint, provide a siteRelativeUrl so that we can get the file value via REST api to avoid CORS error when accessing a file on the site from within the app web */
+export async function imageToBase64(imageSrc: string, siteRelativeUrl?: string): Promise<string> {
+    try {
+        let fileBlob: Blob = null;
+        if (!isNullOrEmptyString(siteRelativeUrl) && imageSrc.toLowerCase().indexOf(siteRelativeUrl.toLowerCase()) >= 0) {
+            let spFile = await GetFile<Blob>(siteRelativeUrl, imageSrc, true, "blob");
+            if (spFile && spFile.Exists)
+                fileBlob = spFile.Content;
+        }
+
+        //try simple rest if the first option failed
+        if (fileBlob === null) {
+            fileBlob = await GetJson<Blob>(imageSrc, null, { responseType: "blob", allowCache: true });
+        }
+
+        if (fileBlob) {
+            let base64 = await blobToBase64(fileBlob);
+            return base64;
+        }
+    } catch (e) {
+    }
+    return null;
 }