@leapdev/auth-agent 2.2.13-beta.0 → 2.2.13-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/package.json +1 -1
- package/src/index.js +1 -4
- package/src/lib/auth-agent.js +17 -20
- package/src/lib/auth.service.js +54 -58
- package/src/lib/authentication.js +147 -151
- package/src/lib/config.js +5 -9
- package/src/lib/idle-timer.js +22 -26
- package/src/lib/notification.js +40 -44
- package/src/lib/redirections.js +1 -5
- package/src/lib/types.js +2 -5
- package/src/lib/utils.js +9 -17
|
@@ -1,21 +1,18 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
var _Authentication_accessToken, _Authentication_config, _Authentication_leapAuthService, _Authentication_notification, _Authentication_refreshInfo, _Authentication_exchangeAuthCodeForAccessToken, _Authentication_verifyAndPerformRedirections, _Authentication_startRefreshAccessTokenProcess, _Authentication_destroyRefreshAccessTokenProcess, _Authentication_decodeAccessToken;
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
const utils_1 = require("./utils");
|
|
12
|
-
const redirections_1 = require("./redirections");
|
|
2
|
+
import { __awaiter, __classPrivateFieldGet, __classPrivateFieldSet } from "tslib";
|
|
3
|
+
import { isFunction } from 'lodash';
|
|
4
|
+
import { init } from './config';
|
|
5
|
+
import { LeapAuthService } from './auth.service';
|
|
6
|
+
import { HookName, } from './types';
|
|
7
|
+
import { Notification } from './notification';
|
|
8
|
+
import { createCodeChallenge, createRandomString, deleteQueryParameter, getQueryParameter } from './utils';
|
|
9
|
+
import { getRedirectUri } from './redirections';
|
|
13
10
|
const SECONDS_BEFORE_EXPIRE = 30;
|
|
14
11
|
const MAX_SETTIME_OUT = 2147483647;
|
|
15
12
|
const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
|
|
16
13
|
const CLEANUP_IFRAME_TIMEOUT_IN_SECONDS = 2;
|
|
17
14
|
const PASSTHROUGH_SESSION_KEY = 'leap-auth-agent-passthrough';
|
|
18
|
-
class Authentication {
|
|
15
|
+
export class Authentication {
|
|
19
16
|
constructor(options) {
|
|
20
17
|
_Authentication_accessToken.set(this, void 0);
|
|
21
18
|
_Authentication_config.set(this, void 0);
|
|
@@ -24,100 +21,100 @@ class Authentication {
|
|
|
24
21
|
_Authentication_refreshInfo.set(this, void 0);
|
|
25
22
|
this.registerEventListenerForUserChannel = (params) => {
|
|
26
23
|
const { topic, messageType, callback } = params;
|
|
27
|
-
|
|
24
|
+
__classPrivateFieldGet(this, _Authentication_notification, "f").registerEventListenerForUserChannel({
|
|
28
25
|
topic,
|
|
29
26
|
messageType,
|
|
30
27
|
callback,
|
|
31
28
|
});
|
|
32
29
|
};
|
|
33
|
-
this.initNotification = () =>
|
|
30
|
+
this.initNotification = () => __awaiter(this, void 0, void 0, function* () {
|
|
34
31
|
const decodedToken = yield this.getDecodedRefreshedAccessToken();
|
|
35
32
|
if (decodedToken) {
|
|
36
|
-
yield
|
|
37
|
-
authHost:
|
|
38
|
-
clientId:
|
|
33
|
+
yield __classPrivateFieldGet(this, _Authentication_notification, "f").init({
|
|
34
|
+
authHost: __classPrivateFieldGet(this, _Authentication_config, "f").authHost,
|
|
35
|
+
clientId: __classPrivateFieldGet(this, _Authentication_config, "f").clientId,
|
|
39
36
|
firmId: decodedToken.firmId,
|
|
40
37
|
userId: decodedToken.userId,
|
|
41
|
-
uniqueSession: !!
|
|
42
|
-
hooks:
|
|
38
|
+
uniqueSession: !!__classPrivateFieldGet(this, _Authentication_config, "f").uniqueSession,
|
|
39
|
+
hooks: __classPrivateFieldGet(this, _Authentication_config, "f").hooks,
|
|
43
40
|
});
|
|
44
41
|
}
|
|
45
42
|
});
|
|
46
43
|
this.destroyNotification = () => {
|
|
47
|
-
|
|
44
|
+
__classPrivateFieldGet(this, _Authentication_notification, "f").destroy();
|
|
48
45
|
};
|
|
49
|
-
this.login = (noPrompt) =>
|
|
46
|
+
this.login = (noPrompt) => __awaiter(this, void 0, void 0, function* () {
|
|
50
47
|
const done = yield this.checkAuthCode();
|
|
51
|
-
if (done && !!
|
|
52
|
-
return
|
|
48
|
+
if (done && !!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
|
|
49
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
53
50
|
}
|
|
54
51
|
else {
|
|
55
|
-
const code_verifier =
|
|
56
|
-
const state =
|
|
52
|
+
const code_verifier = createRandomString(64);
|
|
53
|
+
const state = createRandomString(6);
|
|
57
54
|
window.sessionStorage.setItem(state, code_verifier);
|
|
58
|
-
const { code_challenge, code_challenge_method } = yield
|
|
59
|
-
const scope =
|
|
55
|
+
const { code_challenge, code_challenge_method } = yield createCodeChallenge(code_verifier);
|
|
56
|
+
const scope = __classPrivateFieldGet(this, _Authentication_config, "f").scopes.join(',');
|
|
60
57
|
const prompt = noPrompt ? 'none' : '';
|
|
61
|
-
const url = `${
|
|
58
|
+
const url = `${__classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/authorize?response_type=code&scope=${scope}&client_id=${__classPrivateFieldGet(this, _Authentication_config, "f").clientId}&redirect_uri=${encodeURIComponent(window.location.href)}&code_challenge=${encodeURIComponent(code_challenge)}&code_challenge_method=${code_challenge_method}&state=${state}&prompt=${prompt}&remember_me=${__classPrivateFieldGet(this, _Authentication_config, "f").rememberMe}`;
|
|
62
59
|
window.location.assign(url);
|
|
63
60
|
return;
|
|
64
61
|
}
|
|
65
62
|
});
|
|
66
63
|
this.logout = (force = false, redirectUrl) => {
|
|
67
|
-
|
|
64
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, undefined, "f");
|
|
68
65
|
const redirectUri = encodeURIComponent(redirectUrl || window.location.href);
|
|
69
|
-
window.location.href = `${
|
|
70
|
-
|
|
66
|
+
window.location.href = `${__classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/logout?force=${force}&redirect_uri=${redirectUri}`;
|
|
67
|
+
__classPrivateFieldGet(this, _Authentication_destroyRefreshAccessTokenProcess, "f").call(this);
|
|
71
68
|
};
|
|
72
69
|
this.getAccessToken = () => {
|
|
73
|
-
if (
|
|
70
|
+
if (__classPrivateFieldGet(this, _Authentication_accessToken, "f") === undefined || !__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
|
|
74
71
|
return '';
|
|
75
72
|
}
|
|
76
73
|
else {
|
|
77
|
-
return
|
|
74
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
78
75
|
}
|
|
79
76
|
};
|
|
80
|
-
this.getRefreshedAccessToken = (force) =>
|
|
81
|
-
if (
|
|
77
|
+
this.getRefreshedAccessToken = (force) => __awaiter(this, void 0, void 0, function* () {
|
|
78
|
+
if (__classPrivateFieldGet(this, _Authentication_accessToken, "f") === undefined || !__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
|
|
82
79
|
return '';
|
|
83
80
|
}
|
|
84
81
|
else {
|
|
85
|
-
if (
|
|
86
|
-
const decoded =
|
|
82
|
+
if (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f") && __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").accessTokenExpireIn) {
|
|
83
|
+
const decoded = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, __classPrivateFieldGet(this, _Authentication_accessToken, "f"));
|
|
87
84
|
if (force || (!!decoded && ((decoded.exp - SECONDS_BEFORE_EXPIRE) * 1000 < Date.now()))) {
|
|
88
|
-
const data = yield
|
|
89
|
-
refreshToken:
|
|
90
|
-
verifier:
|
|
85
|
+
const data = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").renewAccessToken({
|
|
86
|
+
refreshToken: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").refreshToken,
|
|
87
|
+
verifier: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").verifier,
|
|
91
88
|
});
|
|
92
89
|
if (data) {
|
|
93
90
|
if (data.refresh_token && data.expires_in) {
|
|
94
|
-
|
|
91
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), { refreshToken: data.refresh_token, accessTokenExpireIn: data.expires_in }), "f");
|
|
95
92
|
}
|
|
96
|
-
|
|
97
|
-
yield this.triggerHooks(
|
|
98
|
-
return
|
|
93
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, data.access_token, "f");
|
|
94
|
+
yield this.triggerHooks(HookName.afterRefreshToken);
|
|
95
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
99
96
|
}
|
|
100
97
|
}
|
|
101
98
|
}
|
|
102
|
-
return
|
|
99
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
103
100
|
}
|
|
104
101
|
});
|
|
105
102
|
this.getDecodedAccessToken = () => {
|
|
106
|
-
if (!
|
|
103
|
+
if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
|
|
107
104
|
return undefined;
|
|
108
105
|
}
|
|
109
|
-
return
|
|
106
|
+
return __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, __classPrivateFieldGet(this, _Authentication_accessToken, "f"));
|
|
110
107
|
};
|
|
111
|
-
this.getDecodedRefreshedAccessToken = (force) =>
|
|
108
|
+
this.getDecodedRefreshedAccessToken = (force) => __awaiter(this, void 0, void 0, function* () {
|
|
112
109
|
const token = yield this.getRefreshedAccessToken(force);
|
|
113
110
|
if (!token) {
|
|
114
111
|
return undefined;
|
|
115
112
|
}
|
|
116
|
-
return
|
|
113
|
+
return __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, token);
|
|
117
114
|
});
|
|
118
115
|
this.getHooks = () => {
|
|
119
|
-
if (
|
|
120
|
-
return
|
|
116
|
+
if (__classPrivateFieldGet(this, _Authentication_config, "f")) {
|
|
117
|
+
return __classPrivateFieldGet(this, _Authentication_config, "f").hooks;
|
|
121
118
|
}
|
|
122
119
|
else {
|
|
123
120
|
return undefined;
|
|
@@ -125,40 +122,40 @@ class Authentication {
|
|
|
125
122
|
};
|
|
126
123
|
this.setHook = (params) => {
|
|
127
124
|
const { name, callback } = params;
|
|
128
|
-
if (!Object.values(
|
|
125
|
+
if (!Object.values(HookName).find((h) => h === name)) {
|
|
129
126
|
throw Error('Unsupported hook: ' + name);
|
|
130
127
|
}
|
|
131
|
-
if (!
|
|
128
|
+
if (!isFunction(callback)) {
|
|
132
129
|
throw Error('hook must be a function: ' + name);
|
|
133
130
|
}
|
|
134
|
-
|
|
135
|
-
if (name ===
|
|
136
|
-
|
|
131
|
+
__classPrivateFieldSet(this, _Authentication_config, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_config, "f")), { hooks: Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_config, "f").hooks), { [name]: callback }) }), "f");
|
|
132
|
+
if (name === HookName.uniqueSessionTrigger) {
|
|
133
|
+
__classPrivateFieldGet(this, _Authentication_notification, "f").setUniqueSessionTriggerHook(callback);
|
|
137
134
|
}
|
|
138
135
|
return;
|
|
139
136
|
};
|
|
140
137
|
this.autoLogin = () => {
|
|
141
|
-
return
|
|
138
|
+
return __classPrivateFieldGet(this, _Authentication_config, "f") ? __classPrivateFieldGet(this, _Authentication_config, "f").autoLogin || false : false;
|
|
142
139
|
};
|
|
143
140
|
this.autoLogout = () => {
|
|
144
|
-
return
|
|
141
|
+
return __classPrivateFieldGet(this, _Authentication_config, "f") ? __classPrivateFieldGet(this, _Authentication_config, "f").autoLogout || false : false;
|
|
145
142
|
};
|
|
146
143
|
this.idleTimeoutInMinutes = () => {
|
|
147
|
-
return
|
|
144
|
+
return __classPrivateFieldGet(this, _Authentication_config, "f") ? __classPrivateFieldGet(this, _Authentication_config, "f").idleTimeoutInMinutes || 30 : 30;
|
|
148
145
|
};
|
|
149
146
|
this.checkTokenInUrl = () => {
|
|
150
|
-
const accessTokenQuery =
|
|
147
|
+
const accessTokenQuery = getQueryParameter('access_token') || getQueryParameter('auth') || getQueryParameter('authToken') || getQueryParameter('token') || getQueryParameter('jwt');
|
|
151
148
|
if (accessTokenQuery) {
|
|
152
|
-
const { aud, firmId, userId } =
|
|
149
|
+
const { aud, firmId, userId } = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, accessTokenQuery);
|
|
153
150
|
if (!!firmId && !!userId && aud === '8MBJWOFS4RRRSZQC') {
|
|
154
151
|
const queryParameterValue = accessTokenQuery;
|
|
155
|
-
let myselfWithoutToken =
|
|
156
|
-
myselfWithoutToken =
|
|
157
|
-
myselfWithoutToken =
|
|
158
|
-
myselfWithoutToken =
|
|
159
|
-
myselfWithoutToken =
|
|
152
|
+
let myselfWithoutToken = deleteQueryParameter(window.location.href, 'access_token', queryParameterValue);
|
|
153
|
+
myselfWithoutToken = deleteQueryParameter(myselfWithoutToken, 'token', queryParameterValue);
|
|
154
|
+
myselfWithoutToken = deleteQueryParameter(myselfWithoutToken, 'auth', queryParameterValue);
|
|
155
|
+
myselfWithoutToken = deleteQueryParameter(myselfWithoutToken, 'authToken', queryParameterValue);
|
|
156
|
+
myselfWithoutToken = deleteQueryParameter(myselfWithoutToken, 'jwt', queryParameterValue);
|
|
160
157
|
const myselfEncoded = encodeURIComponent(myselfWithoutToken);
|
|
161
|
-
window.location.href =
|
|
158
|
+
window.location.href = __classPrivateFieldGet(this, _Authentication_config, "f").authHost + '/oauth/passthrough?token=' + queryParameterValue + '&redirect=' + myselfEncoded;
|
|
162
159
|
return true;
|
|
163
160
|
}
|
|
164
161
|
return false;
|
|
@@ -166,8 +163,8 @@ class Authentication {
|
|
|
166
163
|
return false;
|
|
167
164
|
};
|
|
168
165
|
this.checkTokenInInit = () => {
|
|
169
|
-
if (
|
|
170
|
-
const { jti } =
|
|
166
|
+
if (__classPrivateFieldGet(this, _Authentication_config, "f") && __classPrivateFieldGet(this, _Authentication_config, "f").initToken) {
|
|
167
|
+
const { jti } = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, __classPrivateFieldGet(this, _Authentication_config, "f").initToken);
|
|
171
168
|
if (jti) {
|
|
172
169
|
const windowPassthroughSession = window.sessionStorage.getItem(PASSTHROUGH_SESSION_KEY);
|
|
173
170
|
if (windowPassthroughSession) {
|
|
@@ -176,27 +173,27 @@ class Authentication {
|
|
|
176
173
|
}
|
|
177
174
|
window.sessionStorage.setItem(PASSTHROUGH_SESSION_KEY, jti);
|
|
178
175
|
const myselfEncoded = encodeURIComponent(window.location.href);
|
|
179
|
-
window.location.href =
|
|
176
|
+
window.location.href = __classPrivateFieldGet(this, _Authentication_config, "f").authHost + '/oauth/passthrough?jti=' + jti + '&redirect=' + myselfEncoded;
|
|
180
177
|
return true;
|
|
181
178
|
}
|
|
182
179
|
}
|
|
183
180
|
window.sessionStorage.removeItem(PASSTHROUGH_SESSION_KEY);
|
|
184
181
|
return false;
|
|
185
182
|
};
|
|
186
|
-
this.verifySession = () =>
|
|
187
|
-
const code_verifier =
|
|
188
|
-
const state =
|
|
183
|
+
this.verifySession = () => __awaiter(this, void 0, void 0, function* () {
|
|
184
|
+
const code_verifier = createRandomString(64);
|
|
185
|
+
const state = createRandomString(6);
|
|
189
186
|
window.sessionStorage.setItem(state, code_verifier);
|
|
190
|
-
const { code_challenge, code_challenge_method } = yield
|
|
191
|
-
const scope =
|
|
187
|
+
const { code_challenge, code_challenge_method } = yield createCodeChallenge(code_verifier);
|
|
188
|
+
const scope = __classPrivateFieldGet(this, _Authentication_config, "f").scopes.join(',');
|
|
192
189
|
const redirectUri = `${window.location.protocol}//${window.location.host}${window.location.pathname}`;
|
|
193
|
-
const url = `${
|
|
190
|
+
const url = `${__classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/authorize?response_type=code&response_mode=web_message&scope=${scope}&client_id=${__classPrivateFieldGet(this, _Authentication_config, "f").clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${encodeURIComponent(code_challenge)}&code_challenge_method=${code_challenge_method}&state=${state}&prompt=none`;
|
|
194
191
|
const resp = yield this.runIframe(url, state);
|
|
195
192
|
if (resp && resp.state) {
|
|
196
193
|
const verifier = window.sessionStorage.getItem(resp.state);
|
|
197
194
|
window.sessionStorage.removeItem(resp.state);
|
|
198
195
|
if (resp.code && verifier) {
|
|
199
|
-
return
|
|
196
|
+
return __classPrivateFieldGet(this, _Authentication_exchangeAuthCodeForAccessToken, "f").call(this, {
|
|
200
197
|
code: resp.code,
|
|
201
198
|
verifier,
|
|
202
199
|
redirectUri
|
|
@@ -208,7 +205,7 @@ class Authentication {
|
|
|
208
205
|
return false;
|
|
209
206
|
}
|
|
210
207
|
});
|
|
211
|
-
this.checkAuthCode = () =>
|
|
208
|
+
this.checkAuthCode = () => __awaiter(this, void 0, void 0, function* () {
|
|
212
209
|
const search = window.location.search;
|
|
213
210
|
const queryParams = new URLSearchParams(search);
|
|
214
211
|
const code = queryParams.get('code');
|
|
@@ -217,10 +214,10 @@ class Authentication {
|
|
|
217
214
|
const verifier = window.sessionStorage.getItem(state);
|
|
218
215
|
window.sessionStorage.removeItem(state);
|
|
219
216
|
let newUrl = window.location.href;
|
|
220
|
-
newUrl =
|
|
221
|
-
newUrl =
|
|
217
|
+
newUrl = deleteQueryParameter(newUrl, 'code', code);
|
|
218
|
+
newUrl = deleteQueryParameter(newUrl, 'state', state);
|
|
222
219
|
window.history.pushState(null, '', newUrl);
|
|
223
|
-
return
|
|
220
|
+
return __classPrivateFieldGet(this, _Authentication_exchangeAuthCodeForAccessToken, "f").call(this, {
|
|
224
221
|
code,
|
|
225
222
|
verifier,
|
|
226
223
|
redirectUri: newUrl
|
|
@@ -230,51 +227,51 @@ class Authentication {
|
|
|
230
227
|
return false;
|
|
231
228
|
}
|
|
232
229
|
});
|
|
233
|
-
this.getUserInfo = () =>
|
|
230
|
+
this.getUserInfo = () => __awaiter(this, void 0, void 0, function* () {
|
|
234
231
|
const token = yield this.getRefreshedAccessToken();
|
|
235
|
-
return
|
|
232
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").userInfo(token);
|
|
236
233
|
});
|
|
237
|
-
this.linkUser = (params) =>
|
|
234
|
+
this.linkUser = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
238
235
|
const decodeToken = yield this.getDecodedRefreshedAccessToken();
|
|
239
236
|
if (!decodeToken) {
|
|
240
237
|
return;
|
|
241
238
|
}
|
|
242
239
|
const redirectUrl = params.redirectUrl || window.location.href;
|
|
243
|
-
|
|
240
|
+
__classPrivateFieldGet(this, _Authentication_leapAuthService, "f").linkUser({
|
|
244
241
|
redirectUrl,
|
|
245
242
|
jti: decodeToken.jti,
|
|
246
243
|
newWindow: params.newWindow,
|
|
247
244
|
callback: params.callback,
|
|
248
245
|
});
|
|
249
246
|
});
|
|
250
|
-
this.unlinkUser = (params) =>
|
|
247
|
+
this.unlinkUser = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
251
248
|
const decodeToken = yield this.getDecodedRefreshedAccessToken();
|
|
252
249
|
if (!decodeToken) {
|
|
253
250
|
return;
|
|
254
251
|
}
|
|
255
252
|
const redirectUrl = params.redirectUrl || window.location.href;
|
|
256
|
-
|
|
253
|
+
__classPrivateFieldGet(this, _Authentication_leapAuthService, "f").unlinkUser({
|
|
257
254
|
redirectUrl,
|
|
258
255
|
jti: decodeToken.jti,
|
|
259
256
|
newWindow: params.newWindow,
|
|
260
257
|
callback: params.callback,
|
|
261
258
|
});
|
|
262
259
|
});
|
|
263
|
-
this.getCloudProviderToken = (jti) =>
|
|
260
|
+
this.getCloudProviderToken = (jti) => __awaiter(this, void 0, void 0, function* () {
|
|
264
261
|
const token = yield this.getRefreshedAccessToken();
|
|
265
262
|
if (!token) {
|
|
266
263
|
throw Error('Not authenticated yet');
|
|
267
264
|
}
|
|
268
|
-
return
|
|
265
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getCloudProviderToken(token, jti);
|
|
269
266
|
});
|
|
270
|
-
this.cloudProviderUserInfo = () =>
|
|
267
|
+
this.cloudProviderUserInfo = () => __awaiter(this, void 0, void 0, function* () {
|
|
271
268
|
const token = yield this.getRefreshedAccessToken();
|
|
272
269
|
if (!token) {
|
|
273
270
|
throw Error('Not authenticated yet');
|
|
274
271
|
}
|
|
275
|
-
return
|
|
272
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderUserInfo(token);
|
|
276
273
|
});
|
|
277
|
-
this.cloudProviderReauthenticate = (params) =>
|
|
274
|
+
this.cloudProviderReauthenticate = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
278
275
|
const token = yield this.getRefreshedAccessToken();
|
|
279
276
|
if (!token) {
|
|
280
277
|
throw Error('Not authenticated yet');
|
|
@@ -283,51 +280,51 @@ class Authentication {
|
|
|
283
280
|
const { newWindow, callback } = params;
|
|
284
281
|
redirectUrl = redirectUrl || window.location.href;
|
|
285
282
|
if (!nonce) {
|
|
286
|
-
const reauthticateLink = yield
|
|
283
|
+
const reauthticateLink = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderReauthenticateLink(token);
|
|
287
284
|
nonce = reauthticateLink.nonce;
|
|
288
285
|
}
|
|
289
|
-
return
|
|
286
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderReauthenticate({
|
|
290
287
|
redirectUrl,
|
|
291
288
|
nonce,
|
|
292
289
|
newWindow,
|
|
293
290
|
callback,
|
|
294
291
|
});
|
|
295
292
|
});
|
|
296
|
-
this.cloudProviderUpdate = (cloudProviderId) =>
|
|
293
|
+
this.cloudProviderUpdate = (cloudProviderId) => __awaiter(this, void 0, void 0, function* () {
|
|
297
294
|
const token = yield this.getRefreshedAccessToken();
|
|
298
295
|
if (!token) {
|
|
299
296
|
throw Error('Not authenticated yet');
|
|
300
297
|
}
|
|
301
|
-
const decodedToken =
|
|
298
|
+
const decodedToken = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, token);
|
|
302
299
|
const { firmId } = decodedToken;
|
|
303
|
-
return
|
|
300
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderUpdate({ firmId, cloudProviderId, token: token });
|
|
304
301
|
});
|
|
305
|
-
this.statusAdminConsent = () =>
|
|
302
|
+
this.statusAdminConsent = () => __awaiter(this, void 0, void 0, function* () {
|
|
306
303
|
const token = yield this.getRefreshedAccessToken();
|
|
307
304
|
if (!token) {
|
|
308
305
|
throw Error('Not authenticated yet');
|
|
309
306
|
}
|
|
310
|
-
return
|
|
307
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").statusAdminConsent(token);
|
|
311
308
|
});
|
|
312
309
|
this.getAdminConsent = (params) => {
|
|
313
310
|
const redirectUrl = params.redirectUrl || window.location.href;
|
|
314
|
-
|
|
311
|
+
__classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getAdminConsent(Object.assign(Object.assign({}, params), { redirectUrl }));
|
|
315
312
|
};
|
|
316
|
-
this.revokeAdminConsent = () =>
|
|
313
|
+
this.revokeAdminConsent = () => __awaiter(this, void 0, void 0, function* () {
|
|
317
314
|
const token = yield this.getRefreshedAccessToken();
|
|
318
315
|
if (!token) {
|
|
319
316
|
throw Error('Not authenticated yet');
|
|
320
317
|
}
|
|
321
|
-
return
|
|
318
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").revokeAdminConsent(token);
|
|
322
319
|
});
|
|
323
|
-
this.getLinkMap = (allUsers = false) =>
|
|
320
|
+
this.getLinkMap = (allUsers = false) => __awaiter(this, void 0, void 0, function* () {
|
|
324
321
|
const token = yield this.getRefreshedAccessToken();
|
|
325
322
|
if (!token) {
|
|
326
323
|
throw Error('Not authenticated yet');
|
|
327
324
|
}
|
|
328
|
-
return
|
|
325
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getLinkMap(token, allUsers);
|
|
329
326
|
});
|
|
330
|
-
this.setLinkMap = (linkMap) =>
|
|
327
|
+
this.setLinkMap = (linkMap) => __awaiter(this, void 0, void 0, function* () {
|
|
331
328
|
const token = yield this.getRefreshedAccessToken();
|
|
332
329
|
if (!token) {
|
|
333
330
|
throw Error('Not authenticated yet');
|
|
@@ -344,25 +341,25 @@ class Authentication {
|
|
|
344
341
|
};
|
|
345
342
|
if (!verifyFormat())
|
|
346
343
|
throw Error('linkmap in wrong format');
|
|
347
|
-
return
|
|
344
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").setLinkMap(token, linkMap);
|
|
348
345
|
});
|
|
349
|
-
this.authoriseSupport = (params) =>
|
|
346
|
+
this.authoriseSupport = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
350
347
|
const token = yield this.getRefreshedAccessToken();
|
|
351
348
|
if (!token) {
|
|
352
349
|
throw Error('Not authenticated yet');
|
|
353
350
|
}
|
|
354
|
-
return
|
|
351
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").authoriseSupport(token, params);
|
|
355
352
|
});
|
|
356
353
|
this.changePassword = (params) => {
|
|
357
354
|
const redirectUrl = params.redirectUrl || window.location.href;
|
|
358
|
-
|
|
355
|
+
__classPrivateFieldGet(this, _Authentication_leapAuthService, "f").changePassword(Object.assign(Object.assign({}, params), { redirectUrl }));
|
|
359
356
|
};
|
|
360
|
-
this.passthrough = (params) =>
|
|
357
|
+
this.passthrough = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
361
358
|
const decodedToken = yield this.getDecodedRefreshedAccessToken();
|
|
362
359
|
if (decodedToken && decodedToken.jti) {
|
|
363
360
|
const { url, newWindow, authHost } = params;
|
|
364
361
|
const encodedRedirectUrl = encodeURIComponent(url);
|
|
365
|
-
const passthroughUrl = `${authHost ||
|
|
362
|
+
const passthroughUrl = `${authHost || __classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/passthrough?jti=${decodedToken.jti}&redirect=${encodedRedirectUrl}&output=embed`;
|
|
366
363
|
if (newWindow) {
|
|
367
364
|
window.open(passthroughUrl, '_blank');
|
|
368
365
|
}
|
|
@@ -372,16 +369,16 @@ class Authentication {
|
|
|
372
369
|
}
|
|
373
370
|
return;
|
|
374
371
|
});
|
|
375
|
-
this.triggerHooks = (hookName) =>
|
|
372
|
+
this.triggerHooks = (hookName) => __awaiter(this, void 0, void 0, function* () {
|
|
376
373
|
const hooks = this.getHooks();
|
|
377
374
|
const token = yield this.getRefreshedAccessToken();
|
|
378
|
-
const hookFn = hooks && !!hooks[hookName] &&
|
|
375
|
+
const hookFn = hooks && !!hooks[hookName] && isFunction(hooks[hookName]) ? hooks[hookName](token) : false;
|
|
379
376
|
return Promise.resolve(hookFn);
|
|
380
377
|
});
|
|
381
378
|
this.afterAuthenticated = () => {
|
|
382
|
-
return this.triggerHooks(
|
|
379
|
+
return this.triggerHooks(HookName.afterLogin).then(() => __awaiter(this, void 0, void 0, function* () {
|
|
383
380
|
yield this.initNotification();
|
|
384
|
-
return
|
|
381
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
385
382
|
}));
|
|
386
383
|
};
|
|
387
384
|
this.runIframe = (authorizeUrl, state, timeoutInSeconds = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) => {
|
|
@@ -404,7 +401,7 @@ class Authentication {
|
|
|
404
401
|
}, timeoutInSeconds * 1000);
|
|
405
402
|
const iframeEventHandler = (e) => {
|
|
406
403
|
const { data, origin, source } = e;
|
|
407
|
-
if (origin !==
|
|
404
|
+
if (origin !== __classPrivateFieldGet(this, _Authentication_config, "f").authHost)
|
|
408
405
|
return;
|
|
409
406
|
if (!data || data.type !== 'authorization_response')
|
|
410
407
|
return;
|
|
@@ -421,42 +418,42 @@ class Authentication {
|
|
|
421
418
|
iframe.setAttribute('src', authorizeUrl);
|
|
422
419
|
});
|
|
423
420
|
};
|
|
424
|
-
_Authentication_exchangeAuthCodeForAccessToken.set(this, (params) =>
|
|
421
|
+
_Authentication_exchangeAuthCodeForAccessToken.set(this, (params) => __awaiter(this, void 0, void 0, function* () {
|
|
425
422
|
const { verifier, code, redirectUri } = params;
|
|
426
423
|
if (verifier) {
|
|
427
|
-
const data = yield
|
|
424
|
+
const data = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").exchangeAuthCodeForAccessToken({
|
|
428
425
|
code,
|
|
429
426
|
verifier,
|
|
430
427
|
redirectUri
|
|
431
428
|
});
|
|
432
|
-
const redirectTriggered = yield
|
|
429
|
+
const redirectTriggered = yield __classPrivateFieldGet(this, _Authentication_verifyAndPerformRedirections, "f").call(this, data.access_token);
|
|
433
430
|
if (redirectTriggered) {
|
|
434
431
|
return true;
|
|
435
432
|
}
|
|
436
433
|
if (data.refresh_token &&
|
|
437
434
|
data.expires_in) {
|
|
438
|
-
|
|
435
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, {
|
|
439
436
|
refreshToken: data.refresh_token,
|
|
440
437
|
accessTokenExpireIn: data.expires_in,
|
|
441
438
|
verifier: verifier,
|
|
442
439
|
timer: undefined,
|
|
443
440
|
}, "f");
|
|
444
|
-
if (
|
|
445
|
-
|
|
441
|
+
if (__classPrivateFieldGet(this, _Authentication_config, "f").autoRefreshToken) {
|
|
442
|
+
__classPrivateFieldGet(this, _Authentication_startRefreshAccessTokenProcess, "f").call(this);
|
|
446
443
|
}
|
|
447
444
|
}
|
|
448
|
-
|
|
445
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, data.access_token, "f");
|
|
449
446
|
return true;
|
|
450
447
|
}
|
|
451
448
|
else {
|
|
452
449
|
return false;
|
|
453
450
|
}
|
|
454
451
|
}));
|
|
455
|
-
_Authentication_verifyAndPerformRedirections.set(this, (accessToken) =>
|
|
456
|
-
const redirectionConfig = yield
|
|
452
|
+
_Authentication_verifyAndPerformRedirections.set(this, (accessToken) => __awaiter(this, void 0, void 0, function* () {
|
|
453
|
+
const redirectionConfig = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getRedirections();
|
|
457
454
|
const origin = window.location.origin;
|
|
458
|
-
const decodedToken =
|
|
459
|
-
const redirectUri =
|
|
455
|
+
const decodedToken = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, accessToken);
|
|
456
|
+
const redirectUri = getRedirectUri(origin, decodedToken, redirectionConfig);
|
|
460
457
|
if (redirectUri) {
|
|
461
458
|
this.logout(false, redirectUri);
|
|
462
459
|
return true;
|
|
@@ -464,44 +461,44 @@ class Authentication {
|
|
|
464
461
|
return false;
|
|
465
462
|
}));
|
|
466
463
|
_Authentication_startRefreshAccessTokenProcess.set(this, () => {
|
|
467
|
-
if (!
|
|
464
|
+
if (!__classPrivateFieldGet(this, _Authentication_refreshInfo, "f")) {
|
|
468
465
|
return;
|
|
469
466
|
}
|
|
470
|
-
if (
|
|
471
|
-
clearTimeout(
|
|
472
|
-
|
|
467
|
+
if (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer) {
|
|
468
|
+
clearTimeout(__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer);
|
|
469
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), { timer: undefined }), "f");
|
|
473
470
|
}
|
|
474
|
-
const waitBeforeExecuting = (
|
|
471
|
+
const waitBeforeExecuting = (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").accessTokenExpireIn - SECONDS_BEFORE_EXPIRE) * 1000;
|
|
475
472
|
if (waitBeforeExecuting > MAX_SETTIME_OUT) {
|
|
476
473
|
return;
|
|
477
474
|
}
|
|
478
|
-
const timer = setTimeout(() =>
|
|
479
|
-
if (!
|
|
475
|
+
const timer = setTimeout(() => __awaiter(this, void 0, void 0, function* () {
|
|
476
|
+
if (!__classPrivateFieldGet(this, _Authentication_refreshInfo, "f")) {
|
|
480
477
|
return;
|
|
481
478
|
}
|
|
482
|
-
const data = yield
|
|
483
|
-
refreshToken:
|
|
484
|
-
verifier:
|
|
479
|
+
const data = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").renewAccessToken({
|
|
480
|
+
refreshToken: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").refreshToken,
|
|
481
|
+
verifier: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").verifier,
|
|
485
482
|
});
|
|
486
483
|
if (data) {
|
|
487
484
|
if (data.refresh_token && data.expires_in) {
|
|
488
|
-
|
|
489
|
-
|
|
485
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), { refreshToken: data.refresh_token, accessTokenExpireIn: data.expires_in }), "f");
|
|
486
|
+
__classPrivateFieldGet(this, _Authentication_startRefreshAccessTokenProcess, "f").call(this);
|
|
490
487
|
}
|
|
491
|
-
|
|
492
|
-
yield this.triggerHooks(
|
|
488
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, data.access_token, "f");
|
|
489
|
+
yield this.triggerHooks(HookName.afterRefreshToken);
|
|
493
490
|
}
|
|
494
491
|
}), waitBeforeExecuting);
|
|
495
|
-
|
|
492
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), { timer }), "f");
|
|
496
493
|
});
|
|
497
494
|
_Authentication_destroyRefreshAccessTokenProcess.set(this, () => {
|
|
498
|
-
if (!
|
|
495
|
+
if (!__classPrivateFieldGet(this, _Authentication_refreshInfo, "f")) {
|
|
499
496
|
return;
|
|
500
497
|
}
|
|
501
|
-
if (
|
|
502
|
-
clearTimeout(
|
|
498
|
+
if (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer) {
|
|
499
|
+
clearTimeout(__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer);
|
|
503
500
|
}
|
|
504
|
-
|
|
501
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, undefined, "f");
|
|
505
502
|
});
|
|
506
503
|
_Authentication_decodeAccessToken.set(this, (accessToken) => {
|
|
507
504
|
if (!accessToken) {
|
|
@@ -519,11 +516,10 @@ class Authentication {
|
|
|
519
516
|
}
|
|
520
517
|
return undefined;
|
|
521
518
|
});
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
519
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, undefined, "f");
|
|
520
|
+
__classPrivateFieldSet(this, _Authentication_config, init(options), "f");
|
|
521
|
+
__classPrivateFieldSet(this, _Authentication_leapAuthService, new LeapAuthService(__classPrivateFieldGet(this, _Authentication_config, "f").authHost, __classPrivateFieldGet(this, _Authentication_config, "f").clientId), "f");
|
|
522
|
+
__classPrivateFieldSet(this, _Authentication_notification, new Notification(), "f");
|
|
526
523
|
}
|
|
527
524
|
}
|
|
528
|
-
exports.Authentication = Authentication;
|
|
529
525
|
_Authentication_accessToken = new WeakMap(), _Authentication_config = new WeakMap(), _Authentication_leapAuthService = new WeakMap(), _Authentication_notification = new WeakMap(), _Authentication_refreshInfo = new WeakMap(), _Authentication_exchangeAuthCodeForAccessToken = new WeakMap(), _Authentication_verifyAndPerformRedirections = new WeakMap(), _Authentication_startRefreshAccessTokenProcess = new WeakMap(), _Authentication_destroyRefreshAccessTokenProcess = new WeakMap(), _Authentication_decodeAccessToken = new WeakMap();
|