@leapdev/auth-agent 2.2.13-beta.0 → 2.2.13-beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/index.js +2 -4
- package/src/index.js.map +1 -0
- package/src/index.umd.js +91 -355
- package/src/lib/auth-agent.d.ts +4 -1
- package/src/lib/auth-agent.js +20 -21
- package/src/lib/auth-agent.js.map +1 -0
- package/src/lib/auth.service.js +55 -58
- package/src/lib/auth.service.js.map +1 -0
- package/src/lib/authentication.d.ts +5 -1
- package/src/lib/authentication.js +210 -163
- package/src/lib/authentication.js.map +1 -0
- package/src/lib/config.js +6 -9
- package/src/lib/config.js.map +1 -0
- package/src/lib/idle-timer.js +23 -26
- package/src/lib/idle-timer.js.map +1 -0
- package/src/lib/notification.js +41 -44
- package/src/lib/notification.js.map +1 -0
- package/src/lib/redirections.js +2 -5
- package/src/lib/redirections.js.map +1 -0
- package/src/lib/types.js +3 -5
- package/src/lib/types.js.map +1 -0
- package/src/lib/utils.js +10 -17
- package/src/lib/utils.js.map +1 -0
- package/CHANGELOG.md +0 -95
|
@@ -1,123 +1,128 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
const notification_1 = require("./notification");
|
|
11
|
-
const utils_1 = require("./utils");
|
|
12
|
-
const redirections_1 = require("./redirections");
|
|
1
|
+
var _Authentication_accessToken, _Authentication_config, _Authentication_leapAuthService, _Authentication_notification, _Authentication_popupLogin, _Authentication_refreshInfo, _Authentication_exchangeAuthCodeForAccessToken, _Authentication_verifyAndPerformRedirections, _Authentication_startRefreshAccessTokenProcess, _Authentication_destroyRefreshAccessTokenProcess, _Authentication_decodeAccessToken, _Authentication_handlePopupLogin;
|
|
2
|
+
import { __awaiter, __classPrivateFieldGet, __classPrivateFieldSet } from "tslib";
|
|
3
|
+
import { isFunction } from 'lodash';
|
|
4
|
+
import { init } from './config';
|
|
5
|
+
import { LeapAuthService } from './auth.service';
|
|
6
|
+
import { HookName, } from './types';
|
|
7
|
+
import { Notification } from './notification';
|
|
8
|
+
import { createCodeChallenge, createRandomString, deleteQueryParameter, getQueryParameter } from './utils';
|
|
9
|
+
import { getRedirectUri } from './redirections';
|
|
13
10
|
const SECONDS_BEFORE_EXPIRE = 30;
|
|
14
11
|
const MAX_SETTIME_OUT = 2147483647;
|
|
15
12
|
const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
|
|
16
13
|
const CLEANUP_IFRAME_TIMEOUT_IN_SECONDS = 2;
|
|
17
14
|
const PASSTHROUGH_SESSION_KEY = 'leap-auth-agent-passthrough';
|
|
18
|
-
class Authentication {
|
|
15
|
+
export class Authentication {
|
|
19
16
|
constructor(options) {
|
|
20
17
|
_Authentication_accessToken.set(this, void 0);
|
|
21
18
|
_Authentication_config.set(this, void 0);
|
|
22
19
|
_Authentication_leapAuthService.set(this, void 0);
|
|
23
20
|
_Authentication_notification.set(this, void 0);
|
|
21
|
+
_Authentication_popupLogin.set(this, void 0);
|
|
24
22
|
_Authentication_refreshInfo.set(this, void 0);
|
|
25
23
|
this.registerEventListenerForUserChannel = (params) => {
|
|
26
24
|
const { topic, messageType, callback } = params;
|
|
27
|
-
|
|
25
|
+
__classPrivateFieldGet(this, _Authentication_notification, "f").registerEventListenerForUserChannel({
|
|
28
26
|
topic,
|
|
29
27
|
messageType,
|
|
30
28
|
callback,
|
|
31
29
|
});
|
|
32
30
|
};
|
|
33
|
-
this.initNotification = () =>
|
|
31
|
+
this.initNotification = () => __awaiter(this, void 0, void 0, function* () {
|
|
34
32
|
const decodedToken = yield this.getDecodedRefreshedAccessToken();
|
|
35
33
|
if (decodedToken) {
|
|
36
|
-
yield
|
|
37
|
-
authHost:
|
|
38
|
-
clientId:
|
|
34
|
+
yield __classPrivateFieldGet(this, _Authentication_notification, "f").init({
|
|
35
|
+
authHost: __classPrivateFieldGet(this, _Authentication_config, "f").authHost,
|
|
36
|
+
clientId: __classPrivateFieldGet(this, _Authentication_config, "f").clientId,
|
|
39
37
|
firmId: decodedToken.firmId,
|
|
40
38
|
userId: decodedToken.userId,
|
|
41
|
-
uniqueSession: !!
|
|
42
|
-
hooks:
|
|
39
|
+
uniqueSession: !!__classPrivateFieldGet(this, _Authentication_config, "f").uniqueSession,
|
|
40
|
+
hooks: __classPrivateFieldGet(this, _Authentication_config, "f").hooks,
|
|
43
41
|
});
|
|
44
42
|
}
|
|
45
43
|
});
|
|
46
44
|
this.destroyNotification = () => {
|
|
47
|
-
|
|
45
|
+
__classPrivateFieldGet(this, _Authentication_notification, "f").destroy();
|
|
48
46
|
};
|
|
49
|
-
this.login = (
|
|
47
|
+
this.login = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
50
48
|
const done = yield this.checkAuthCode();
|
|
51
|
-
if (done && !!
|
|
52
|
-
return
|
|
49
|
+
if (done && !!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
|
|
50
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
53
51
|
}
|
|
54
52
|
else {
|
|
55
|
-
const
|
|
56
|
-
const
|
|
53
|
+
const { noPrompt, force_2fa, popup } = params;
|
|
54
|
+
const code_verifier = createRandomString(64);
|
|
55
|
+
const state = createRandomString(6);
|
|
56
|
+
const nonce = createRandomString(6);
|
|
57
57
|
window.sessionStorage.setItem(state, code_verifier);
|
|
58
|
-
const { code_challenge, code_challenge_method } = yield
|
|
59
|
-
const scope =
|
|
58
|
+
const { code_challenge, code_challenge_method } = yield createCodeChallenge(code_verifier);
|
|
59
|
+
const scope = __classPrivateFieldGet(this, _Authentication_config, "f").scopes.join(',');
|
|
60
60
|
const prompt = noPrompt ? 'none' : '';
|
|
61
|
-
const url = `${
|
|
62
|
-
|
|
63
|
-
|
|
61
|
+
const url = `${__classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/authorize?response_type=code&scope=${scope}&client_id=${__classPrivateFieldGet(this, _Authentication_config, "f").clientId}&redirect_uri=${encodeURIComponent(window.location.href)}&code_challenge=${encodeURIComponent(code_challenge)}&code_challenge_method=${code_challenge_method}&force_2fa=${force_2fa}&nonce=${nonce}&state=${state}&prompt=${prompt}&remember_me=${__classPrivateFieldGet(this, _Authentication_config, "f").rememberMe}`;
|
|
62
|
+
if (popup) {
|
|
63
|
+
return __classPrivateFieldGet(this, _Authentication_handlePopupLogin, "f").call(this, url);
|
|
64
|
+
}
|
|
65
|
+
else {
|
|
66
|
+
window.location.assign(url);
|
|
67
|
+
return;
|
|
68
|
+
}
|
|
64
69
|
}
|
|
65
70
|
});
|
|
66
71
|
this.logout = (force = false, redirectUrl) => {
|
|
67
|
-
|
|
72
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, undefined, "f");
|
|
68
73
|
const redirectUri = encodeURIComponent(redirectUrl || window.location.href);
|
|
69
|
-
window.location.href = `${
|
|
70
|
-
|
|
74
|
+
window.location.href = `${__classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/logout?force=${force}&redirect_uri=${redirectUri}`;
|
|
75
|
+
__classPrivateFieldGet(this, _Authentication_destroyRefreshAccessTokenProcess, "f").call(this);
|
|
71
76
|
};
|
|
72
77
|
this.getAccessToken = () => {
|
|
73
|
-
if (
|
|
78
|
+
if (__classPrivateFieldGet(this, _Authentication_accessToken, "f") === undefined || !__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
|
|
74
79
|
return '';
|
|
75
80
|
}
|
|
76
81
|
else {
|
|
77
|
-
return
|
|
82
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
78
83
|
}
|
|
79
84
|
};
|
|
80
|
-
this.getRefreshedAccessToken = (force) =>
|
|
81
|
-
if (
|
|
85
|
+
this.getRefreshedAccessToken = (force) => __awaiter(this, void 0, void 0, function* () {
|
|
86
|
+
if (__classPrivateFieldGet(this, _Authentication_accessToken, "f") === undefined || !__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
|
|
82
87
|
return '';
|
|
83
88
|
}
|
|
84
89
|
else {
|
|
85
|
-
if (
|
|
86
|
-
const decoded =
|
|
90
|
+
if (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f") && __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").accessTokenExpireIn) {
|
|
91
|
+
const decoded = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, __classPrivateFieldGet(this, _Authentication_accessToken, "f"));
|
|
87
92
|
if (force || (!!decoded && ((decoded.exp - SECONDS_BEFORE_EXPIRE) * 1000 < Date.now()))) {
|
|
88
|
-
const data = yield
|
|
89
|
-
refreshToken:
|
|
90
|
-
verifier:
|
|
93
|
+
const data = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").renewAccessToken({
|
|
94
|
+
refreshToken: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").refreshToken,
|
|
95
|
+
verifier: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").verifier,
|
|
91
96
|
});
|
|
92
97
|
if (data) {
|
|
93
98
|
if (data.refresh_token && data.expires_in) {
|
|
94
|
-
|
|
99
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), { refreshToken: data.refresh_token, accessTokenExpireIn: data.expires_in }), "f");
|
|
95
100
|
}
|
|
96
|
-
|
|
97
|
-
yield this.triggerHooks(
|
|
98
|
-
return
|
|
101
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, data.access_token, "f");
|
|
102
|
+
yield this.triggerHooks(HookName.afterRefreshToken);
|
|
103
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
99
104
|
}
|
|
100
105
|
}
|
|
101
106
|
}
|
|
102
|
-
return
|
|
107
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
103
108
|
}
|
|
104
109
|
});
|
|
105
110
|
this.getDecodedAccessToken = () => {
|
|
106
|
-
if (!
|
|
111
|
+
if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
|
|
107
112
|
return undefined;
|
|
108
113
|
}
|
|
109
|
-
return
|
|
114
|
+
return __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, __classPrivateFieldGet(this, _Authentication_accessToken, "f"));
|
|
110
115
|
};
|
|
111
|
-
this.getDecodedRefreshedAccessToken = (force) =>
|
|
116
|
+
this.getDecodedRefreshedAccessToken = (force) => __awaiter(this, void 0, void 0, function* () {
|
|
112
117
|
const token = yield this.getRefreshedAccessToken(force);
|
|
113
118
|
if (!token) {
|
|
114
119
|
return undefined;
|
|
115
120
|
}
|
|
116
|
-
return
|
|
121
|
+
return __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, token);
|
|
117
122
|
});
|
|
118
123
|
this.getHooks = () => {
|
|
119
|
-
if (
|
|
120
|
-
return
|
|
124
|
+
if (__classPrivateFieldGet(this, _Authentication_config, "f")) {
|
|
125
|
+
return __classPrivateFieldGet(this, _Authentication_config, "f").hooks;
|
|
121
126
|
}
|
|
122
127
|
else {
|
|
123
128
|
return undefined;
|
|
@@ -125,40 +130,40 @@ class Authentication {
|
|
|
125
130
|
};
|
|
126
131
|
this.setHook = (params) => {
|
|
127
132
|
const { name, callback } = params;
|
|
128
|
-
if (!Object.values(
|
|
133
|
+
if (!Object.values(HookName).find((h) => h === name)) {
|
|
129
134
|
throw Error('Unsupported hook: ' + name);
|
|
130
135
|
}
|
|
131
|
-
if (!
|
|
136
|
+
if (!isFunction(callback)) {
|
|
132
137
|
throw Error('hook must be a function: ' + name);
|
|
133
138
|
}
|
|
134
|
-
|
|
135
|
-
if (name ===
|
|
136
|
-
|
|
139
|
+
__classPrivateFieldSet(this, _Authentication_config, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_config, "f")), { hooks: Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_config, "f").hooks), { [name]: callback }) }), "f");
|
|
140
|
+
if (name === HookName.uniqueSessionTrigger) {
|
|
141
|
+
__classPrivateFieldGet(this, _Authentication_notification, "f").setUniqueSessionTriggerHook(callback);
|
|
137
142
|
}
|
|
138
143
|
return;
|
|
139
144
|
};
|
|
140
145
|
this.autoLogin = () => {
|
|
141
|
-
return
|
|
146
|
+
return __classPrivateFieldGet(this, _Authentication_config, "f") ? __classPrivateFieldGet(this, _Authentication_config, "f").autoLogin || false : false;
|
|
142
147
|
};
|
|
143
148
|
this.autoLogout = () => {
|
|
144
|
-
return
|
|
149
|
+
return __classPrivateFieldGet(this, _Authentication_config, "f") ? __classPrivateFieldGet(this, _Authentication_config, "f").autoLogout || false : false;
|
|
145
150
|
};
|
|
146
151
|
this.idleTimeoutInMinutes = () => {
|
|
147
|
-
return
|
|
152
|
+
return __classPrivateFieldGet(this, _Authentication_config, "f") ? __classPrivateFieldGet(this, _Authentication_config, "f").idleTimeoutInMinutes || 30 : 30;
|
|
148
153
|
};
|
|
149
154
|
this.checkTokenInUrl = () => {
|
|
150
|
-
const accessTokenQuery =
|
|
155
|
+
const accessTokenQuery = getQueryParameter('access_token') || getQueryParameter('auth') || getQueryParameter('authToken') || getQueryParameter('token') || getQueryParameter('jwt');
|
|
151
156
|
if (accessTokenQuery) {
|
|
152
|
-
const { aud, firmId, userId } =
|
|
157
|
+
const { aud, firmId, userId } = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, accessTokenQuery);
|
|
153
158
|
if (!!firmId && !!userId && aud === '8MBJWOFS4RRRSZQC') {
|
|
154
159
|
const queryParameterValue = accessTokenQuery;
|
|
155
|
-
let myselfWithoutToken =
|
|
156
|
-
myselfWithoutToken =
|
|
157
|
-
myselfWithoutToken =
|
|
158
|
-
myselfWithoutToken =
|
|
159
|
-
myselfWithoutToken =
|
|
160
|
+
let myselfWithoutToken = deleteQueryParameter(window.location.href, 'access_token', queryParameterValue);
|
|
161
|
+
myselfWithoutToken = deleteQueryParameter(myselfWithoutToken, 'token', queryParameterValue);
|
|
162
|
+
myselfWithoutToken = deleteQueryParameter(myselfWithoutToken, 'auth', queryParameterValue);
|
|
163
|
+
myselfWithoutToken = deleteQueryParameter(myselfWithoutToken, 'authToken', queryParameterValue);
|
|
164
|
+
myselfWithoutToken = deleteQueryParameter(myselfWithoutToken, 'jwt', queryParameterValue);
|
|
160
165
|
const myselfEncoded = encodeURIComponent(myselfWithoutToken);
|
|
161
|
-
window.location.href =
|
|
166
|
+
window.location.href = __classPrivateFieldGet(this, _Authentication_config, "f").authHost + '/oauth/passthrough?token=' + queryParameterValue + '&redirect=' + myselfEncoded;
|
|
162
167
|
return true;
|
|
163
168
|
}
|
|
164
169
|
return false;
|
|
@@ -166,8 +171,8 @@ class Authentication {
|
|
|
166
171
|
return false;
|
|
167
172
|
};
|
|
168
173
|
this.checkTokenInInit = () => {
|
|
169
|
-
if (
|
|
170
|
-
const { jti } =
|
|
174
|
+
if (__classPrivateFieldGet(this, _Authentication_config, "f") && __classPrivateFieldGet(this, _Authentication_config, "f").initToken) {
|
|
175
|
+
const { jti } = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, __classPrivateFieldGet(this, _Authentication_config, "f").initToken);
|
|
171
176
|
if (jti) {
|
|
172
177
|
const windowPassthroughSession = window.sessionStorage.getItem(PASSTHROUGH_SESSION_KEY);
|
|
173
178
|
if (windowPassthroughSession) {
|
|
@@ -176,27 +181,27 @@ class Authentication {
|
|
|
176
181
|
}
|
|
177
182
|
window.sessionStorage.setItem(PASSTHROUGH_SESSION_KEY, jti);
|
|
178
183
|
const myselfEncoded = encodeURIComponent(window.location.href);
|
|
179
|
-
window.location.href =
|
|
184
|
+
window.location.href = __classPrivateFieldGet(this, _Authentication_config, "f").authHost + '/oauth/passthrough?jti=' + jti + '&redirect=' + myselfEncoded;
|
|
180
185
|
return true;
|
|
181
186
|
}
|
|
182
187
|
}
|
|
183
188
|
window.sessionStorage.removeItem(PASSTHROUGH_SESSION_KEY);
|
|
184
189
|
return false;
|
|
185
190
|
};
|
|
186
|
-
this.verifySession = () =>
|
|
187
|
-
const code_verifier =
|
|
188
|
-
const state =
|
|
191
|
+
this.verifySession = () => __awaiter(this, void 0, void 0, function* () {
|
|
192
|
+
const code_verifier = createRandomString(64);
|
|
193
|
+
const state = createRandomString(6);
|
|
189
194
|
window.sessionStorage.setItem(state, code_verifier);
|
|
190
|
-
const { code_challenge, code_challenge_method } = yield
|
|
191
|
-
const scope =
|
|
195
|
+
const { code_challenge, code_challenge_method } = yield createCodeChallenge(code_verifier);
|
|
196
|
+
const scope = __classPrivateFieldGet(this, _Authentication_config, "f").scopes.join(',');
|
|
192
197
|
const redirectUri = `${window.location.protocol}//${window.location.host}${window.location.pathname}`;
|
|
193
|
-
const url = `${
|
|
198
|
+
const url = `${__classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/authorize?response_type=code&response_mode=web_message&scope=${scope}&client_id=${__classPrivateFieldGet(this, _Authentication_config, "f").clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${encodeURIComponent(code_challenge)}&code_challenge_method=${code_challenge_method}&state=${state}&prompt=none`;
|
|
194
199
|
const resp = yield this.runIframe(url, state);
|
|
195
200
|
if (resp && resp.state) {
|
|
196
201
|
const verifier = window.sessionStorage.getItem(resp.state);
|
|
197
202
|
window.sessionStorage.removeItem(resp.state);
|
|
198
203
|
if (resp.code && verifier) {
|
|
199
|
-
return
|
|
204
|
+
return __classPrivateFieldGet(this, _Authentication_exchangeAuthCodeForAccessToken, "f").call(this, {
|
|
200
205
|
code: resp.code,
|
|
201
206
|
verifier,
|
|
202
207
|
redirectUri
|
|
@@ -208,73 +213,82 @@ class Authentication {
|
|
|
208
213
|
return false;
|
|
209
214
|
}
|
|
210
215
|
});
|
|
211
|
-
this.checkAuthCode = () =>
|
|
216
|
+
this.checkAuthCode = () => __awaiter(this, void 0, void 0, function* () {
|
|
212
217
|
const search = window.location.search;
|
|
213
218
|
const queryParams = new URLSearchParams(search);
|
|
214
219
|
const code = queryParams.get('code');
|
|
215
220
|
const state = queryParams.get('state');
|
|
216
221
|
if (!!code && !!state) {
|
|
217
|
-
const
|
|
218
|
-
window.
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
verifier
|
|
226
|
-
|
|
227
|
-
|
|
222
|
+
const isPopupLogin = window.sessionStorage.getItem('leap-auth-popup-login');
|
|
223
|
+
if (isPopupLogin === 'true' && window.opener) {
|
|
224
|
+
window.sessionStorage.removeItem('leap-auth-popup-login');
|
|
225
|
+
window.opener.postMessage({ source: 'leap-auth-popup-login', code, state }, '*');
|
|
226
|
+
window.close();
|
|
227
|
+
return false;
|
|
228
|
+
}
|
|
229
|
+
else {
|
|
230
|
+
const verifier = window.sessionStorage.getItem(state);
|
|
231
|
+
window.sessionStorage.removeItem(state);
|
|
232
|
+
let newUrl = window.location.href;
|
|
233
|
+
newUrl = deleteQueryParameter(newUrl, 'code', code);
|
|
234
|
+
newUrl = deleteQueryParameter(newUrl, 'state', state);
|
|
235
|
+
window.history.pushState(null, '', newUrl);
|
|
236
|
+
return __classPrivateFieldGet(this, _Authentication_exchangeAuthCodeForAccessToken, "f").call(this, {
|
|
237
|
+
code,
|
|
238
|
+
verifier,
|
|
239
|
+
redirectUri: newUrl
|
|
240
|
+
});
|
|
241
|
+
}
|
|
228
242
|
}
|
|
229
243
|
else {
|
|
230
244
|
return false;
|
|
231
245
|
}
|
|
232
246
|
});
|
|
233
|
-
this.getUserInfo = () =>
|
|
247
|
+
this.getUserInfo = () => __awaiter(this, void 0, void 0, function* () {
|
|
234
248
|
const token = yield this.getRefreshedAccessToken();
|
|
235
|
-
return
|
|
249
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").userInfo(token);
|
|
236
250
|
});
|
|
237
|
-
this.linkUser = (params) =>
|
|
251
|
+
this.linkUser = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
238
252
|
const decodeToken = yield this.getDecodedRefreshedAccessToken();
|
|
239
253
|
if (!decodeToken) {
|
|
240
254
|
return;
|
|
241
255
|
}
|
|
242
256
|
const redirectUrl = params.redirectUrl || window.location.href;
|
|
243
|
-
|
|
257
|
+
__classPrivateFieldGet(this, _Authentication_leapAuthService, "f").linkUser({
|
|
244
258
|
redirectUrl,
|
|
245
259
|
jti: decodeToken.jti,
|
|
246
260
|
newWindow: params.newWindow,
|
|
247
261
|
callback: params.callback,
|
|
248
262
|
});
|
|
249
263
|
});
|
|
250
|
-
this.unlinkUser = (params) =>
|
|
264
|
+
this.unlinkUser = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
251
265
|
const decodeToken = yield this.getDecodedRefreshedAccessToken();
|
|
252
266
|
if (!decodeToken) {
|
|
253
267
|
return;
|
|
254
268
|
}
|
|
255
269
|
const redirectUrl = params.redirectUrl || window.location.href;
|
|
256
|
-
|
|
270
|
+
__classPrivateFieldGet(this, _Authentication_leapAuthService, "f").unlinkUser({
|
|
257
271
|
redirectUrl,
|
|
258
272
|
jti: decodeToken.jti,
|
|
259
273
|
newWindow: params.newWindow,
|
|
260
274
|
callback: params.callback,
|
|
261
275
|
});
|
|
262
276
|
});
|
|
263
|
-
this.getCloudProviderToken = (jti) =>
|
|
277
|
+
this.getCloudProviderToken = (jti) => __awaiter(this, void 0, void 0, function* () {
|
|
264
278
|
const token = yield this.getRefreshedAccessToken();
|
|
265
279
|
if (!token) {
|
|
266
280
|
throw Error('Not authenticated yet');
|
|
267
281
|
}
|
|
268
|
-
return
|
|
282
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getCloudProviderToken(token, jti);
|
|
269
283
|
});
|
|
270
|
-
this.cloudProviderUserInfo = () =>
|
|
284
|
+
this.cloudProviderUserInfo = () => __awaiter(this, void 0, void 0, function* () {
|
|
271
285
|
const token = yield this.getRefreshedAccessToken();
|
|
272
286
|
if (!token) {
|
|
273
287
|
throw Error('Not authenticated yet');
|
|
274
288
|
}
|
|
275
|
-
return
|
|
289
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderUserInfo(token);
|
|
276
290
|
});
|
|
277
|
-
this.cloudProviderReauthenticate = (params) =>
|
|
291
|
+
this.cloudProviderReauthenticate = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
278
292
|
const token = yield this.getRefreshedAccessToken();
|
|
279
293
|
if (!token) {
|
|
280
294
|
throw Error('Not authenticated yet');
|
|
@@ -283,51 +297,51 @@ class Authentication {
|
|
|
283
297
|
const { newWindow, callback } = params;
|
|
284
298
|
redirectUrl = redirectUrl || window.location.href;
|
|
285
299
|
if (!nonce) {
|
|
286
|
-
const reauthticateLink = yield
|
|
300
|
+
const reauthticateLink = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderReauthenticateLink(token);
|
|
287
301
|
nonce = reauthticateLink.nonce;
|
|
288
302
|
}
|
|
289
|
-
return
|
|
303
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderReauthenticate({
|
|
290
304
|
redirectUrl,
|
|
291
305
|
nonce,
|
|
292
306
|
newWindow,
|
|
293
307
|
callback,
|
|
294
308
|
});
|
|
295
309
|
});
|
|
296
|
-
this.cloudProviderUpdate = (cloudProviderId) =>
|
|
310
|
+
this.cloudProviderUpdate = (cloudProviderId) => __awaiter(this, void 0, void 0, function* () {
|
|
297
311
|
const token = yield this.getRefreshedAccessToken();
|
|
298
312
|
if (!token) {
|
|
299
313
|
throw Error('Not authenticated yet');
|
|
300
314
|
}
|
|
301
|
-
const decodedToken =
|
|
315
|
+
const decodedToken = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, token);
|
|
302
316
|
const { firmId } = decodedToken;
|
|
303
|
-
return
|
|
317
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderUpdate({ firmId, cloudProviderId, token: token });
|
|
304
318
|
});
|
|
305
|
-
this.statusAdminConsent = () =>
|
|
319
|
+
this.statusAdminConsent = () => __awaiter(this, void 0, void 0, function* () {
|
|
306
320
|
const token = yield this.getRefreshedAccessToken();
|
|
307
321
|
if (!token) {
|
|
308
322
|
throw Error('Not authenticated yet');
|
|
309
323
|
}
|
|
310
|
-
return
|
|
324
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").statusAdminConsent(token);
|
|
311
325
|
});
|
|
312
326
|
this.getAdminConsent = (params) => {
|
|
313
327
|
const redirectUrl = params.redirectUrl || window.location.href;
|
|
314
|
-
|
|
328
|
+
__classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getAdminConsent(Object.assign(Object.assign({}, params), { redirectUrl }));
|
|
315
329
|
};
|
|
316
|
-
this.revokeAdminConsent = () =>
|
|
330
|
+
this.revokeAdminConsent = () => __awaiter(this, void 0, void 0, function* () {
|
|
317
331
|
const token = yield this.getRefreshedAccessToken();
|
|
318
332
|
if (!token) {
|
|
319
333
|
throw Error('Not authenticated yet');
|
|
320
334
|
}
|
|
321
|
-
return
|
|
335
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").revokeAdminConsent(token);
|
|
322
336
|
});
|
|
323
|
-
this.getLinkMap = (allUsers = false) =>
|
|
337
|
+
this.getLinkMap = (allUsers = false) => __awaiter(this, void 0, void 0, function* () {
|
|
324
338
|
const token = yield this.getRefreshedAccessToken();
|
|
325
339
|
if (!token) {
|
|
326
340
|
throw Error('Not authenticated yet');
|
|
327
341
|
}
|
|
328
|
-
return
|
|
342
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getLinkMap(token, allUsers);
|
|
329
343
|
});
|
|
330
|
-
this.setLinkMap = (linkMap) =>
|
|
344
|
+
this.setLinkMap = (linkMap) => __awaiter(this, void 0, void 0, function* () {
|
|
331
345
|
const token = yield this.getRefreshedAccessToken();
|
|
332
346
|
if (!token) {
|
|
333
347
|
throw Error('Not authenticated yet');
|
|
@@ -344,25 +358,25 @@ class Authentication {
|
|
|
344
358
|
};
|
|
345
359
|
if (!verifyFormat())
|
|
346
360
|
throw Error('linkmap in wrong format');
|
|
347
|
-
return
|
|
361
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").setLinkMap(token, linkMap);
|
|
348
362
|
});
|
|
349
|
-
this.authoriseSupport = (params) =>
|
|
363
|
+
this.authoriseSupport = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
350
364
|
const token = yield this.getRefreshedAccessToken();
|
|
351
365
|
if (!token) {
|
|
352
366
|
throw Error('Not authenticated yet');
|
|
353
367
|
}
|
|
354
|
-
return
|
|
368
|
+
return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").authoriseSupport(token, params);
|
|
355
369
|
});
|
|
356
370
|
this.changePassword = (params) => {
|
|
357
371
|
const redirectUrl = params.redirectUrl || window.location.href;
|
|
358
|
-
|
|
372
|
+
__classPrivateFieldGet(this, _Authentication_leapAuthService, "f").changePassword(Object.assign(Object.assign({}, params), { redirectUrl }));
|
|
359
373
|
};
|
|
360
|
-
this.passthrough = (params) =>
|
|
374
|
+
this.passthrough = (params) => __awaiter(this, void 0, void 0, function* () {
|
|
361
375
|
const decodedToken = yield this.getDecodedRefreshedAccessToken();
|
|
362
376
|
if (decodedToken && decodedToken.jti) {
|
|
363
377
|
const { url, newWindow, authHost } = params;
|
|
364
378
|
const encodedRedirectUrl = encodeURIComponent(url);
|
|
365
|
-
const passthroughUrl = `${authHost ||
|
|
379
|
+
const passthroughUrl = `${authHost || __classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/passthrough?jti=${decodedToken.jti}&redirect=${encodedRedirectUrl}&output=embed`;
|
|
366
380
|
if (newWindow) {
|
|
367
381
|
window.open(passthroughUrl, '_blank');
|
|
368
382
|
}
|
|
@@ -372,16 +386,16 @@ class Authentication {
|
|
|
372
386
|
}
|
|
373
387
|
return;
|
|
374
388
|
});
|
|
375
|
-
this.triggerHooks = (hookName) =>
|
|
389
|
+
this.triggerHooks = (hookName) => __awaiter(this, void 0, void 0, function* () {
|
|
376
390
|
const hooks = this.getHooks();
|
|
377
391
|
const token = yield this.getRefreshedAccessToken();
|
|
378
|
-
const hookFn = hooks && !!hooks[hookName] &&
|
|
392
|
+
const hookFn = hooks && !!hooks[hookName] && isFunction(hooks[hookName]) ? hooks[hookName](token) : false;
|
|
379
393
|
return Promise.resolve(hookFn);
|
|
380
394
|
});
|
|
381
395
|
this.afterAuthenticated = () => {
|
|
382
|
-
return this.triggerHooks(
|
|
396
|
+
return this.triggerHooks(HookName.afterLogin).then(() => __awaiter(this, void 0, void 0, function* () {
|
|
383
397
|
yield this.initNotification();
|
|
384
|
-
return
|
|
398
|
+
return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
|
|
385
399
|
}));
|
|
386
400
|
};
|
|
387
401
|
this.runIframe = (authorizeUrl, state, timeoutInSeconds = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) => {
|
|
@@ -404,7 +418,7 @@ class Authentication {
|
|
|
404
418
|
}, timeoutInSeconds * 1000);
|
|
405
419
|
const iframeEventHandler = (e) => {
|
|
406
420
|
const { data, origin, source } = e;
|
|
407
|
-
if (origin !==
|
|
421
|
+
if (origin !== __classPrivateFieldGet(this, _Authentication_config, "f").authHost)
|
|
408
422
|
return;
|
|
409
423
|
if (!data || data.type !== 'authorization_response')
|
|
410
424
|
return;
|
|
@@ -421,42 +435,42 @@ class Authentication {
|
|
|
421
435
|
iframe.setAttribute('src', authorizeUrl);
|
|
422
436
|
});
|
|
423
437
|
};
|
|
424
|
-
_Authentication_exchangeAuthCodeForAccessToken.set(this, (params) =>
|
|
438
|
+
_Authentication_exchangeAuthCodeForAccessToken.set(this, (params) => __awaiter(this, void 0, void 0, function* () {
|
|
425
439
|
const { verifier, code, redirectUri } = params;
|
|
426
440
|
if (verifier) {
|
|
427
|
-
const data = yield
|
|
441
|
+
const data = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").exchangeAuthCodeForAccessToken({
|
|
428
442
|
code,
|
|
429
443
|
verifier,
|
|
430
444
|
redirectUri
|
|
431
445
|
});
|
|
432
|
-
const redirectTriggered = yield
|
|
446
|
+
const redirectTriggered = yield __classPrivateFieldGet(this, _Authentication_verifyAndPerformRedirections, "f").call(this, data.access_token);
|
|
433
447
|
if (redirectTriggered) {
|
|
434
448
|
return true;
|
|
435
449
|
}
|
|
436
450
|
if (data.refresh_token &&
|
|
437
451
|
data.expires_in) {
|
|
438
|
-
|
|
452
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, {
|
|
439
453
|
refreshToken: data.refresh_token,
|
|
440
454
|
accessTokenExpireIn: data.expires_in,
|
|
441
455
|
verifier: verifier,
|
|
442
456
|
timer: undefined,
|
|
443
457
|
}, "f");
|
|
444
|
-
if (
|
|
445
|
-
|
|
458
|
+
if (__classPrivateFieldGet(this, _Authentication_config, "f").autoRefreshToken) {
|
|
459
|
+
__classPrivateFieldGet(this, _Authentication_startRefreshAccessTokenProcess, "f").call(this);
|
|
446
460
|
}
|
|
447
461
|
}
|
|
448
|
-
|
|
462
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, data.access_token, "f");
|
|
449
463
|
return true;
|
|
450
464
|
}
|
|
451
465
|
else {
|
|
452
466
|
return false;
|
|
453
467
|
}
|
|
454
468
|
}));
|
|
455
|
-
_Authentication_verifyAndPerformRedirections.set(this, (accessToken) =>
|
|
456
|
-
const redirectionConfig = yield
|
|
469
|
+
_Authentication_verifyAndPerformRedirections.set(this, (accessToken) => __awaiter(this, void 0, void 0, function* () {
|
|
470
|
+
const redirectionConfig = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getRedirections();
|
|
457
471
|
const origin = window.location.origin;
|
|
458
|
-
const decodedToken =
|
|
459
|
-
const redirectUri =
|
|
472
|
+
const decodedToken = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, accessToken);
|
|
473
|
+
const redirectUri = getRedirectUri(origin, decodedToken, redirectionConfig);
|
|
460
474
|
if (redirectUri) {
|
|
461
475
|
this.logout(false, redirectUri);
|
|
462
476
|
return true;
|
|
@@ -464,44 +478,44 @@ class Authentication {
|
|
|
464
478
|
return false;
|
|
465
479
|
}));
|
|
466
480
|
_Authentication_startRefreshAccessTokenProcess.set(this, () => {
|
|
467
|
-
if (!
|
|
481
|
+
if (!__classPrivateFieldGet(this, _Authentication_refreshInfo, "f")) {
|
|
468
482
|
return;
|
|
469
483
|
}
|
|
470
|
-
if (
|
|
471
|
-
clearTimeout(
|
|
472
|
-
|
|
484
|
+
if (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer) {
|
|
485
|
+
clearTimeout(__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer);
|
|
486
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), { timer: undefined }), "f");
|
|
473
487
|
}
|
|
474
|
-
const waitBeforeExecuting = (
|
|
488
|
+
const waitBeforeExecuting = (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").accessTokenExpireIn - SECONDS_BEFORE_EXPIRE) * 1000;
|
|
475
489
|
if (waitBeforeExecuting > MAX_SETTIME_OUT) {
|
|
476
490
|
return;
|
|
477
491
|
}
|
|
478
|
-
const timer = setTimeout(() =>
|
|
479
|
-
if (!
|
|
492
|
+
const timer = setTimeout(() => __awaiter(this, void 0, void 0, function* () {
|
|
493
|
+
if (!__classPrivateFieldGet(this, _Authentication_refreshInfo, "f")) {
|
|
480
494
|
return;
|
|
481
495
|
}
|
|
482
|
-
const data = yield
|
|
483
|
-
refreshToken:
|
|
484
|
-
verifier:
|
|
496
|
+
const data = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").renewAccessToken({
|
|
497
|
+
refreshToken: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").refreshToken,
|
|
498
|
+
verifier: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").verifier,
|
|
485
499
|
});
|
|
486
500
|
if (data) {
|
|
487
501
|
if (data.refresh_token && data.expires_in) {
|
|
488
|
-
|
|
489
|
-
|
|
502
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), { refreshToken: data.refresh_token, accessTokenExpireIn: data.expires_in }), "f");
|
|
503
|
+
__classPrivateFieldGet(this, _Authentication_startRefreshAccessTokenProcess, "f").call(this);
|
|
490
504
|
}
|
|
491
|
-
|
|
492
|
-
yield this.triggerHooks(
|
|
505
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, data.access_token, "f");
|
|
506
|
+
yield this.triggerHooks(HookName.afterRefreshToken);
|
|
493
507
|
}
|
|
494
508
|
}), waitBeforeExecuting);
|
|
495
|
-
|
|
509
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), { timer }), "f");
|
|
496
510
|
});
|
|
497
511
|
_Authentication_destroyRefreshAccessTokenProcess.set(this, () => {
|
|
498
|
-
if (!
|
|
512
|
+
if (!__classPrivateFieldGet(this, _Authentication_refreshInfo, "f")) {
|
|
499
513
|
return;
|
|
500
514
|
}
|
|
501
|
-
if (
|
|
502
|
-
clearTimeout(
|
|
515
|
+
if (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer) {
|
|
516
|
+
clearTimeout(__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer);
|
|
503
517
|
}
|
|
504
|
-
|
|
518
|
+
__classPrivateFieldSet(this, _Authentication_refreshInfo, undefined, "f");
|
|
505
519
|
});
|
|
506
520
|
_Authentication_decodeAccessToken.set(this, (accessToken) => {
|
|
507
521
|
if (!accessToken) {
|
|
@@ -519,11 +533,44 @@ class Authentication {
|
|
|
519
533
|
}
|
|
520
534
|
return undefined;
|
|
521
535
|
});
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
536
|
+
_Authentication_handlePopupLogin.set(this, (url) => {
|
|
537
|
+
return new Promise((resolve) => {
|
|
538
|
+
__classPrivateFieldSet(this, _Authentication_popupLogin, true, "f");
|
|
539
|
+
window.sessionStorage.setItem('leap-auth-popup-login', 'true');
|
|
540
|
+
window.open(url, '_blank', 'menubar=0,top=500,left=0,width=600,height=600');
|
|
541
|
+
window.addEventListener('message', (event) => __awaiter(this, void 0, void 0, function* () {
|
|
542
|
+
if (event.data &&
|
|
543
|
+
event.data.source &&
|
|
544
|
+
event.data.source === 'leap-auth-popup-login') {
|
|
545
|
+
const code = event.data.code;
|
|
546
|
+
const state = event.data.state;
|
|
547
|
+
const verifier = window.sessionStorage.getItem(state);
|
|
548
|
+
window.sessionStorage.removeItem(state);
|
|
549
|
+
let newUrl = window.location.href;
|
|
550
|
+
newUrl = deleteQueryParameter(newUrl, 'code', code);
|
|
551
|
+
newUrl = deleteQueryParameter(newUrl, 'state', state);
|
|
552
|
+
window.history.pushState(null, '', newUrl);
|
|
553
|
+
const done = yield __classPrivateFieldGet(this, _Authentication_exchangeAuthCodeForAccessToken, "f").call(this, {
|
|
554
|
+
code,
|
|
555
|
+
verifier,
|
|
556
|
+
redirectUri: newUrl
|
|
557
|
+
});
|
|
558
|
+
if (done) {
|
|
559
|
+
resolve(__classPrivateFieldGet(this, _Authentication_accessToken, "f"));
|
|
560
|
+
}
|
|
561
|
+
else {
|
|
562
|
+
resolve(undefined);
|
|
563
|
+
}
|
|
564
|
+
}
|
|
565
|
+
}));
|
|
566
|
+
});
|
|
567
|
+
});
|
|
568
|
+
__classPrivateFieldSet(this, _Authentication_accessToken, undefined, "f");
|
|
569
|
+
__classPrivateFieldSet(this, _Authentication_config, init(options), "f");
|
|
570
|
+
__classPrivateFieldSet(this, _Authentication_leapAuthService, new LeapAuthService(__classPrivateFieldGet(this, _Authentication_config, "f").authHost, __classPrivateFieldGet(this, _Authentication_config, "f").clientId), "f");
|
|
571
|
+
__classPrivateFieldSet(this, _Authentication_notification, new Notification(), "f");
|
|
572
|
+
__classPrivateFieldSet(this, _Authentication_popupLogin, false, "f");
|
|
526
573
|
}
|
|
527
574
|
}
|
|
528
|
-
|
|
529
|
-
|
|
575
|
+
_Authentication_accessToken = new WeakMap(), _Authentication_config = new WeakMap(), _Authentication_leapAuthService = new WeakMap(), _Authentication_notification = new WeakMap(), _Authentication_popupLogin = new WeakMap(), _Authentication_refreshInfo = new WeakMap(), _Authentication_exchangeAuthCodeForAccessToken = new WeakMap(), _Authentication_verifyAndPerformRedirections = new WeakMap(), _Authentication_startRefreshAccessTokenProcess = new WeakMap(), _Authentication_destroyRefreshAccessTokenProcess = new WeakMap(), _Authentication_decodeAccessToken = new WeakMap(), _Authentication_handlePopupLogin = new WeakMap();
|
|
576
|
+
//# sourceMappingURL=authentication.js.map
|