@lifeready/core 5.0.1 → 5.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bundles/lifeready-core.umd.js +324 -302
- package/bundles/lifeready-core.umd.js.map +1 -1
- package/bundles/lifeready-core.umd.min.js +1 -1
- package/bundles/lifeready-core.umd.min.js.map +1 -1
- package/esm2015/lib/_common/ast.js +4 -4
- package/esm2015/lib/_common/exceptions.js +129 -103
- package/esm2015/lib/_common/run-outside-angular.js +3 -3
- package/esm2015/lib/_common/storage.js +3 -3
- package/esm2015/lib/_common/types.js +1 -1
- package/esm2015/lib/_common/utils.js +1 -12
- package/esm2015/lib/api/lr-graphql/lr-graphql.service.js +4 -4
- package/esm2015/lib/api/lr-graphql/lr-merged-mutation.js +4 -4
- package/esm2015/lib/api/lr-graphql/lr-mutation-base.js +3 -3
- package/esm2015/lib/api/query-processor/common-processors.service.js +3 -3
- package/esm2015/lib/api/query-processor/query-processor.service.js +4 -4
- package/esm2015/lib/api/query-processor/tp-password-reset-processor.service.js +3 -3
- package/esm2015/lib/auth/auth.types.js +1 -8
- package/esm2015/lib/auth/life-ready-auth.service.js +7 -9
- package/esm2015/lib/category/category.service.js +3 -3
- package/esm2015/lib/encryption/encryption.service.js +4 -7
- package/esm2015/lib/file-upload/file-upload.service.js +2 -3
- package/esm2015/lib/idle/idle.service.js +6 -7
- package/esm2015/lib/item2/item2.service.js +3 -3
- package/esm2015/lib/key/key-factory.service.js +8 -8
- package/esm2015/lib/key/key-graph.service.js +7 -9
- package/esm2015/lib/key/key.service.js +5 -5
- package/esm2015/lib/key/key.types.js +1 -1
- package/esm2015/lib/key-exchange/key-exchange.service.js +3 -3
- package/esm2015/lib/key-exchange/key-exchange2.service.js +3 -3
- package/esm2015/lib/lbop/lbop.service.js +13 -10
- package/esm2015/lib/life-ready.config.js +15 -4
- package/esm2015/lib/password/password.service.js +4 -5
- package/esm2015/lib/persist/persist.service.js +3 -3
- package/esm2015/lib/plan/plan.service.js +3 -3
- package/esm2015/lib/profile/profile.types.js +8 -1
- package/esm2015/lib/scenario/scenario.service.js +4 -4
- package/esm2015/lib/time/time.service.js +3 -6
- package/esm2015/lib/tp-assembly/tp-assembly.js +7 -7
- package/esm2015/lib/tp-password-reset/tp-password-reset-request.service.js +3 -3
- package/esm2015/lib/trusted-party/trusted-party2.service.js +4 -4
- package/esm2015/lib/two-factor/two-factor.service.js +3 -3
- package/fesm2015/lifeready-core.js +214 -195
- package/fesm2015/lifeready-core.js.map +1 -1
- package/lib/_common/exceptions.d.ts +54 -38
- package/lib/_common/types.d.ts +0 -4
- package/lib/_common/utils.d.ts +0 -8
- package/lib/auth/auth.types.d.ts +1 -9
- package/lib/key/key.types.d.ts +4 -1
- package/lib/lbop/lbop.service.d.ts +4 -0
- package/lib/life-ready.config.d.ts +7 -0
- package/lib/profile/profile.types.d.ts +8 -1
- package/lifeready-core.metadata.json +1 -1
- package/package.json +1 -1
|
@@ -23,157 +23,183 @@ import { Slip39Helper, Slip39 } from 'slip39';
|
|
|
23
23
|
function handleApolloError(errors) {
|
|
24
24
|
if (!errors || !errors.length)
|
|
25
25
|
return;
|
|
26
|
-
const
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
}
|
|
37
|
-
|
|
26
|
+
const kcErrors = errors.map((x) => {
|
|
27
|
+
return new KcError({
|
|
28
|
+
code: x.extensions && x.extensions.code,
|
|
29
|
+
source: x.extensions && x.extensions.source,
|
|
30
|
+
message: x.message,
|
|
31
|
+
debug: {
|
|
32
|
+
locations: x.locations,
|
|
33
|
+
path: x.path,
|
|
34
|
+
},
|
|
35
|
+
});
|
|
36
|
+
});
|
|
37
|
+
throw new KcException(...kcErrors);
|
|
38
38
|
}
|
|
39
|
-
class
|
|
39
|
+
class KcError {
|
|
40
|
+
constructor(options) {
|
|
41
|
+
/**
|
|
42
|
+
* The _tag prevents being able to return an object when a class is required:
|
|
43
|
+
* ref: https://medium.com/decathlondevelopers/whats-the-problem-with-typescript-s-classes-2e60aaad3f6
|
|
44
|
+
* Example:
|
|
45
|
+
* // This works because KcError is being treated as a type.
|
|
46
|
+
* function test(): KcError {
|
|
47
|
+
* return {message: "123"};
|
|
48
|
+
* }
|
|
49
|
+
* With the private _tag property, the above will cause a compiler error because _tag property is missing
|
|
50
|
+
* from the returned object.
|
|
51
|
+
*
|
|
52
|
+
* The _type property also provides a type indicator when serialising the class to POJO.
|
|
53
|
+
*/
|
|
54
|
+
this._type = 'KcError';
|
|
55
|
+
this.code = options.code;
|
|
56
|
+
this.source = options.source;
|
|
57
|
+
this.message = options.message;
|
|
58
|
+
this.debug = options.debug;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
class KcException {
|
|
62
|
+
/**
|
|
63
|
+
*
|
|
64
|
+
* @param errors Each argument is a KcError.
|
|
65
|
+
*/
|
|
40
66
|
constructor(...errors) {
|
|
67
|
+
this._type = 'KcException';
|
|
41
68
|
this.errors = errors;
|
|
42
69
|
}
|
|
43
70
|
toString() {
|
|
44
71
|
return this.errors.map((t) => JSON.stringify(t, null, 2));
|
|
45
72
|
}
|
|
46
73
|
}
|
|
47
|
-
var
|
|
48
|
-
(function (
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
LrErrorCode["ConcurrentAccess"] = "LrConcurrentAccessException";
|
|
93
|
-
LrErrorCode["BadRequest"] = "LrBadRequestException";
|
|
94
|
-
LrErrorCode["Encryption"] = "LrEncryptionGoBad";
|
|
95
|
-
LrErrorCode["Locked"] = "LrLockedException";
|
|
96
|
-
})(LrErrorCode || (LrErrorCode = {}));
|
|
97
|
-
class LrBadArgumentException extends LrException {
|
|
74
|
+
var KcErrorCode;
|
|
75
|
+
(function (KcErrorCode) {
|
|
76
|
+
// API errors
|
|
77
|
+
KcErrorCode["ARCHIVED_RESOURCE"] = "ARCHIVED_RESOURCE";
|
|
78
|
+
KcErrorCode["BAD_ARGUMENT"] = "BAD_ARGUMENT";
|
|
79
|
+
KcErrorCode["BAD_SIGNATURE"] = "BAD_SIGNATURE";
|
|
80
|
+
KcErrorCode["BAD_STATE"] = "BAD_STATE";
|
|
81
|
+
KcErrorCode["CHANGED_PERMISSIONS"] = "CHANGED_PERMISSIONS";
|
|
82
|
+
KcErrorCode["CONCURRENT_ACCESS"] = "CONCURRENT_ACCESS";
|
|
83
|
+
KcErrorCode["CONFIG_ERROR"] = "CONFIG_ERROR";
|
|
84
|
+
KcErrorCode["CYCLE_DETECTED"] = "CYCLE_DETECTED";
|
|
85
|
+
KcErrorCode["EXPIRED"] = "EXPIRED";
|
|
86
|
+
KcErrorCode["INVALID_TOKEN"] = "INVALID_TOKEN";
|
|
87
|
+
KcErrorCode["INTERNAL_ERROR"] = "INTERNAL_ERROR";
|
|
88
|
+
KcErrorCode["JSON_DECODE_ERROR"] = "JSON_DECODE_ERROR";
|
|
89
|
+
KcErrorCode["KEY_MISMATCH"] = "KEY_MISMATCH";
|
|
90
|
+
KcErrorCode["LIMIT_REACHED"] = "LIMIT_REACHED";
|
|
91
|
+
KcErrorCode["LOCKED"] = "LOCKED";
|
|
92
|
+
KcErrorCode["LOGIC_ERROR"] = "LOGIC_ERROR";
|
|
93
|
+
KcErrorCode["LR_DEBUG_ONLY"] = "LR_DEBUG_ONLY";
|
|
94
|
+
KcErrorCode["MIN_DELAY"] = "MIN_DELAY";
|
|
95
|
+
KcErrorCode["MISSING_FIELD"] = "MISSING_FIELD";
|
|
96
|
+
KcErrorCode["MISSING_FIELD_VALUE"] = "MISSING_FIELD_VALUE";
|
|
97
|
+
KcErrorCode["MISSING_QUERY_PARAM"] = "MISSING_QUERY_PARAM";
|
|
98
|
+
KcErrorCode["NOT_IMPLEMENTED"] = "NOT_IMPLEMENTED";
|
|
99
|
+
KcErrorCode["OBJECT_DOES_NOT_EXIST"] = "OBJECT_DOES_NOT_EXIST";
|
|
100
|
+
KcErrorCode["OBJECT_EXISTS"] = "OBJECT_EXISTS";
|
|
101
|
+
KcErrorCode["RANGE_ERROR"] = "RANGE_ERROR";
|
|
102
|
+
KcErrorCode["TRUSTED_PARTY_NOT_FOUND"] = "TRUSTED_PARTY_NOT_FOUND";
|
|
103
|
+
KcErrorCode["UNAUTHENTICATED_USER"] = "UNAUTHENTICATED_USER";
|
|
104
|
+
KcErrorCode["USER_NOT_FOUND"] = "USER_NOT_FOUND";
|
|
105
|
+
KcErrorCode["VERSION_MISMATCH"] = "VERSION_MISMATCH";
|
|
106
|
+
KcErrorCode["WRONG_PERMISSIONS"] = "WRONG_PERMISSIONS";
|
|
107
|
+
// KC client errors
|
|
108
|
+
KcErrorCode["AUTH"] = "AUTH";
|
|
109
|
+
KcErrorCode["BAD_LOGIC"] = "BAD_LOGIC";
|
|
110
|
+
KcErrorCode["BAD_REQUEST"] = "BAD_REQUEST";
|
|
111
|
+
KcErrorCode["BAD_TIME_SYNC"] = "BAD_TIME_SYNC";
|
|
112
|
+
KcErrorCode["CODE_MISMATCH"] = "CODE_MISMATCH";
|
|
113
|
+
KcErrorCode["ENCRYPTION"] = "ENCRYPTION";
|
|
114
|
+
KcErrorCode["NOT_FOUND"] = "NOT_FOUND";
|
|
115
|
+
KcErrorCode["SUSPICIOUS_OPERATION"] = "SUSPICIOUS_OPERATION";
|
|
116
|
+
KcErrorCode["UNSUPPORTED"] = "UNSUPPORTED";
|
|
117
|
+
})(KcErrorCode || (KcErrorCode = {}));
|
|
118
|
+
class KcAuthException extends KcException {
|
|
98
119
|
constructor(message) {
|
|
99
|
-
super({ code:
|
|
120
|
+
super(new KcError({ code: KcErrorCode.AUTH, message }));
|
|
100
121
|
}
|
|
101
122
|
}
|
|
102
|
-
class
|
|
123
|
+
class KcBadArgumentException extends KcException {
|
|
103
124
|
constructor(message) {
|
|
104
|
-
super({ code:
|
|
125
|
+
super(new KcError({ code: KcErrorCode.BAD_ARGUMENT, message }));
|
|
105
126
|
}
|
|
106
127
|
}
|
|
107
|
-
class
|
|
128
|
+
class KcBadLogicException extends KcException {
|
|
108
129
|
constructor(message) {
|
|
109
|
-
super({ code:
|
|
130
|
+
super(new KcError({ code: KcErrorCode.BAD_LOGIC, message }));
|
|
110
131
|
}
|
|
111
132
|
}
|
|
112
|
-
class
|
|
133
|
+
class KcBadRequestException extends KcException {
|
|
113
134
|
constructor(message) {
|
|
114
|
-
super({ code:
|
|
135
|
+
super(new KcError({ code: KcErrorCode.BAD_REQUEST, message }));
|
|
115
136
|
}
|
|
116
137
|
}
|
|
117
|
-
class
|
|
138
|
+
class KcBadSignatureException extends KcException {
|
|
118
139
|
constructor(message) {
|
|
119
|
-
super({ code:
|
|
140
|
+
super(new KcError({ code: KcErrorCode.BAD_SIGNATURE, message }));
|
|
120
141
|
}
|
|
121
142
|
}
|
|
122
|
-
class
|
|
143
|
+
class KcBadStateException extends KcException {
|
|
123
144
|
constructor(message) {
|
|
124
|
-
super({
|
|
145
|
+
super(new KcError({
|
|
146
|
+
code: KcErrorCode.BAD_STATE,
|
|
147
|
+
message,
|
|
148
|
+
}));
|
|
125
149
|
}
|
|
126
150
|
}
|
|
127
|
-
class
|
|
151
|
+
class KcBadTimeSyncException extends KcException {
|
|
128
152
|
constructor(message) {
|
|
129
|
-
super({
|
|
153
|
+
super(new KcError({
|
|
154
|
+
code: KcErrorCode.BAD_TIME_SYNC,
|
|
155
|
+
message,
|
|
156
|
+
}));
|
|
130
157
|
}
|
|
131
158
|
}
|
|
132
|
-
class
|
|
159
|
+
class KcCodeMismatchException extends KcException {
|
|
133
160
|
constructor(message) {
|
|
134
|
-
super({ code:
|
|
161
|
+
super(new KcError({ code: KcErrorCode.CODE_MISMATCH, message }));
|
|
135
162
|
}
|
|
136
163
|
}
|
|
137
|
-
class
|
|
164
|
+
class KcConcurrentAccessException extends KcException {
|
|
138
165
|
constructor(message) {
|
|
139
|
-
super({ code:
|
|
166
|
+
super(new KcError({ code: KcErrorCode.CONCURRENT_ACCESS, message }));
|
|
140
167
|
}
|
|
141
168
|
}
|
|
142
|
-
class
|
|
169
|
+
class KcEncryptionException extends KcException {
|
|
143
170
|
constructor(message) {
|
|
144
|
-
super({ code:
|
|
171
|
+
super(new KcError({ code: KcErrorCode.ENCRYPTION, message }));
|
|
145
172
|
}
|
|
146
173
|
}
|
|
147
|
-
class
|
|
174
|
+
class KcInternalErrorException extends KcException {
|
|
148
175
|
constructor(message) {
|
|
149
|
-
super({
|
|
150
|
-
code: 'LrUnsupportedException',
|
|
151
|
-
message,
|
|
152
|
-
});
|
|
176
|
+
super(new KcError({ code: KcErrorCode.INTERNAL_ERROR, message }));
|
|
153
177
|
}
|
|
154
178
|
}
|
|
155
|
-
class
|
|
179
|
+
class KcLockedException extends KcException {
|
|
156
180
|
constructor(message) {
|
|
157
|
-
super({
|
|
158
|
-
code:
|
|
181
|
+
super(new KcError({
|
|
182
|
+
code: KcErrorCode.LOCKED,
|
|
159
183
|
message,
|
|
160
|
-
});
|
|
184
|
+
}));
|
|
161
185
|
}
|
|
162
186
|
}
|
|
163
|
-
class
|
|
187
|
+
class KcNotFoundException extends KcException {
|
|
164
188
|
constructor(message) {
|
|
165
|
-
super({
|
|
166
|
-
code: 'LrExpiredException',
|
|
167
|
-
message,
|
|
168
|
-
});
|
|
189
|
+
super(new KcError({ code: KcErrorCode.NOT_FOUND, message }));
|
|
169
190
|
}
|
|
170
191
|
}
|
|
171
|
-
class
|
|
192
|
+
class KcSuspiciousOperationException extends KcException {
|
|
172
193
|
constructor(message) {
|
|
173
|
-
super({
|
|
174
|
-
|
|
194
|
+
super(new KcError({ code: KcErrorCode.SUSPICIOUS_OPERATION, message }));
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
class KcUnsupportedException extends KcException {
|
|
198
|
+
constructor(message) {
|
|
199
|
+
super(new KcError({
|
|
200
|
+
code: KcErrorCode.UNSUPPORTED,
|
|
175
201
|
message,
|
|
176
|
-
});
|
|
202
|
+
}));
|
|
177
203
|
}
|
|
178
204
|
}
|
|
179
205
|
|
|
@@ -241,17 +267,6 @@ function getAccessJwtToken(auth) {
|
|
|
241
267
|
}
|
|
242
268
|
});
|
|
243
269
|
}
|
|
244
|
-
function httpOptions(auth, config) {
|
|
245
|
-
var _a;
|
|
246
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
247
|
-
const token = yield getAccessJwtToken(auth);
|
|
248
|
-
const debugUsername = (_a = config.debug) === null || _a === void 0 ? void 0 : _a.username;
|
|
249
|
-
return {
|
|
250
|
-
withCredentials: true,
|
|
251
|
-
headers: Object.assign(Object.assign({}, (token && { authorization: `Bearer ${token}` })), (debugUsername && { 'x-kc-dev-user': debugUsername })),
|
|
252
|
-
};
|
|
253
|
-
});
|
|
254
|
-
}
|
|
255
270
|
|
|
256
271
|
// Ref: https://stackoverflow.com/questions/59735280/angular-8-moment-error-cannot-call-a-namespace-moment
|
|
257
272
|
const moment = moment_;
|
|
@@ -321,10 +336,7 @@ class TimeService {
|
|
|
321
336
|
const serverTime = now + this.offsetMs;
|
|
322
337
|
const diff = Math.abs(serverTime - verifyTime);
|
|
323
338
|
if (diff > this.MAX_DIFF_MSEC) {
|
|
324
|
-
throw new
|
|
325
|
-
code: LrErrorCode.BadTimeSync,
|
|
326
|
-
message: `Server time does not match independent source. ServerTime: ${serverTime}, Cognito time: ${verifyTime}`,
|
|
327
|
-
});
|
|
339
|
+
throw new KcBadTimeSyncException(`Server time does not match independent source. ServerTime: ${serverTime}, Cognito time: ${verifyTime}`);
|
|
328
340
|
}
|
|
329
341
|
this.verified = true;
|
|
330
342
|
});
|
|
@@ -540,10 +552,7 @@ class EncryptionService {
|
|
|
540
552
|
}
|
|
541
553
|
}
|
|
542
554
|
catch (error) {
|
|
543
|
-
throw new
|
|
544
|
-
code: LrErrorCode.BadSignature,
|
|
545
|
-
message: `Bad signature: ${error}`,
|
|
546
|
-
});
|
|
555
|
+
throw new KcBadSignatureException(`Bad signature: ${error}`);
|
|
547
556
|
}
|
|
548
557
|
});
|
|
549
558
|
}
|
|
@@ -565,7 +574,7 @@ class EncryptionService {
|
|
|
565
574
|
case 'ArrayBuffer':
|
|
566
575
|
return payload;
|
|
567
576
|
default:
|
|
568
|
-
throw new
|
|
577
|
+
throw new KcBadArgumentException(`Unknown payloadType: ${payloadType}`);
|
|
569
578
|
}
|
|
570
579
|
}
|
|
571
580
|
}
|
|
@@ -632,7 +641,7 @@ class KeyFactoryService {
|
|
|
632
641
|
}
|
|
633
642
|
randomString(digits) {
|
|
634
643
|
if (digits <= 0) {
|
|
635
|
-
throw new
|
|
644
|
+
throw new KcBadArgumentException('digits <= 0');
|
|
636
645
|
}
|
|
637
646
|
const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
|
|
638
647
|
let array = new Uint32Array(digits);
|
|
@@ -645,10 +654,10 @@ class KeyFactoryService {
|
|
|
645
654
|
}
|
|
646
655
|
randomChoices(array, chooseN) {
|
|
647
656
|
if (array.length <= 1) {
|
|
648
|
-
throw new
|
|
657
|
+
throw new KcBadArgumentException('array.length <= 0');
|
|
649
658
|
}
|
|
650
659
|
if (chooseN <= 0) {
|
|
651
|
-
throw new
|
|
660
|
+
throw new KcBadArgumentException('chooseN <= 0');
|
|
652
661
|
}
|
|
653
662
|
const values = new Uint32Array(chooseN);
|
|
654
663
|
this.kcCrypto.getRandomValues(values);
|
|
@@ -753,7 +762,7 @@ class KeyFactoryService {
|
|
|
753
762
|
derivePassIdp(params) {
|
|
754
763
|
return __awaiter(this, void 0, void 0, function* () {
|
|
755
764
|
if (params.iterations < this.MIN_PASS_IDP_PBKDF_ITER) {
|
|
756
|
-
throw new
|
|
765
|
+
throw new KcSuspiciousOperationException(`The number of PassIdp key derivation iterations sent from the server (${params.iterations}) is lower than the minimum (${this.MIN_PASS_IDP_PBKDF_ITER})`);
|
|
757
766
|
}
|
|
758
767
|
return this.deriveKey(params);
|
|
759
768
|
});
|
|
@@ -761,7 +770,7 @@ class KeyFactoryService {
|
|
|
761
770
|
derivePassKey(params) {
|
|
762
771
|
return __awaiter(this, void 0, void 0, function* () {
|
|
763
772
|
if (params.iterations < this.MIN_PASS_KEY_PBKDF_ITER) {
|
|
764
|
-
throw new
|
|
773
|
+
throw new KcSuspiciousOperationException(`The number of PassKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_PASS_KEY_PBKDF_ITER})`);
|
|
765
774
|
}
|
|
766
775
|
return this.deriveKey(params);
|
|
767
776
|
});
|
|
@@ -769,7 +778,7 @@ class KeyFactoryService {
|
|
|
769
778
|
deriveLbopKey(params) {
|
|
770
779
|
return __awaiter(this, void 0, void 0, function* () {
|
|
771
780
|
if (params.iterations < this.MIN_LBOP_KEY_PBKDF_ITER) {
|
|
772
|
-
throw new
|
|
781
|
+
throw new KcSuspiciousOperationException(`The number of LbopKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_LBOP_KEY_PBKDF_ITER})`);
|
|
773
782
|
}
|
|
774
783
|
return this.deriveKey(params);
|
|
775
784
|
});
|
|
@@ -828,7 +837,18 @@ KeyFactoryService.ctorParameters = () => [
|
|
|
828
837
|
// can possibly have different tokens with the same type (i.e. KcConfig). So it would not
|
|
829
838
|
// be appropriate to use "KcConfig" as the token string.
|
|
830
839
|
const KC_CONFIG = new InjectionToken('KC_CONFIG');
|
|
831
|
-
const RETRY_ERROR_CODES = [
|
|
840
|
+
const RETRY_ERROR_CODES = [KcErrorCode.CONCURRENT_ACCESS];
|
|
841
|
+
function httpOptions(auth, config) {
|
|
842
|
+
var _a;
|
|
843
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
844
|
+
const token = yield getAccessJwtToken(auth);
|
|
845
|
+
const debugUsername = (_a = config.debug) === null || _a === void 0 ? void 0 : _a.username;
|
|
846
|
+
return {
|
|
847
|
+
withCredentials: true,
|
|
848
|
+
headers: Object.assign(Object.assign({}, (token && { authorization: `Bearer ${token}` })), (debugUsername && { 'x-kc-dev-user': debugUsername })),
|
|
849
|
+
};
|
|
850
|
+
});
|
|
851
|
+
}
|
|
832
852
|
const configureApollo = (config, auth) => {
|
|
833
853
|
const defaultOptions = {
|
|
834
854
|
watchQuery: {
|
|
@@ -947,7 +967,7 @@ class PersistService {
|
|
|
947
967
|
console.warn('The cookie secure flag in persistService has been set to false, set it to true in production mode');
|
|
948
968
|
}
|
|
949
969
|
else {
|
|
950
|
-
throw new
|
|
970
|
+
throw new KcBadArgumentException('Can not set PersistService cookie secure flag to false in production mode.');
|
|
951
971
|
}
|
|
952
972
|
}
|
|
953
973
|
}
|
|
@@ -1138,7 +1158,7 @@ class KeyService {
|
|
|
1138
1158
|
return __awaiter(this, void 0, void 0, function* () {
|
|
1139
1159
|
const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
|
|
1140
1160
|
if (storedKey == null) {
|
|
1141
|
-
throw new
|
|
1161
|
+
throw new KcNotFoundException(`Can not find masterKey in persisted storage using name: ${this.STORE_MASTER_KEY}`);
|
|
1142
1162
|
}
|
|
1143
1163
|
yield this.persistService.set({
|
|
1144
1164
|
name: this.STORE_MASTER_KEY,
|
|
@@ -1160,10 +1180,10 @@ class KeyService {
|
|
|
1160
1180
|
if (!this.masterKey) {
|
|
1161
1181
|
const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
|
|
1162
1182
|
if (!storedKey) {
|
|
1163
|
-
throw new
|
|
1183
|
+
throw new KcNotFoundException('Could not find masterKey in persisted storage');
|
|
1164
1184
|
}
|
|
1165
1185
|
if (storedKey.id !== masterKeyId) {
|
|
1166
|
-
throw new
|
|
1186
|
+
throw new KcNotFoundException(`masterKeyId ${storedKey.id} in persisted storage does not match the one requested ${masterKeyId}`);
|
|
1167
1187
|
}
|
|
1168
1188
|
storedKey.jwk = yield KeyFactoryService.asKey(storedKey.jwk);
|
|
1169
1189
|
this.masterKey = storedKey;
|
|
@@ -1225,12 +1245,10 @@ class KeyGraphService {
|
|
|
1225
1245
|
getNode(id, type) {
|
|
1226
1246
|
const node = this.graph.node(id);
|
|
1227
1247
|
if (!node) {
|
|
1228
|
-
throw new
|
|
1248
|
+
throw new KcNotFoundException(`Key graphs does not contain key id: ${id}`);
|
|
1229
1249
|
}
|
|
1230
1250
|
if (node.type !== type) {
|
|
1231
|
-
throw new
|
|
1232
|
-
message: `Key with id ${id} is not of type ${type}`,
|
|
1233
|
-
});
|
|
1251
|
+
throw new KcBadStateException(`Key with id ${id} is not of type ${type}`);
|
|
1234
1252
|
}
|
|
1235
1253
|
return node.data;
|
|
1236
1254
|
}
|
|
@@ -1306,10 +1324,10 @@ class KeyGraphService {
|
|
|
1306
1324
|
}
|
|
1307
1325
|
getPath(knownKeyId, keyId) {
|
|
1308
1326
|
if (!knownKeyId || typeof knownKeyId !== 'string') {
|
|
1309
|
-
throw new
|
|
1327
|
+
throw new KcEncryptionException(`Param knownKeyId wrong format: ${knownKeyId}`);
|
|
1310
1328
|
}
|
|
1311
1329
|
if (!keyId || typeof keyId !== 'string') {
|
|
1312
|
-
throw new
|
|
1330
|
+
throw new KcEncryptionException(`Param keyId wrong format: ${keyId}`);
|
|
1313
1331
|
}
|
|
1314
1332
|
// => { A: { distance: 0 },
|
|
1315
1333
|
// B: { distance: 6, predecessor: 'C' },
|
|
@@ -1443,7 +1461,7 @@ class KeyGraphService {
|
|
|
1443
1461
|
wrapKey(wrappingKey, key) {
|
|
1444
1462
|
return __awaiter(this, void 0, void 0, function* () {
|
|
1445
1463
|
if (!isSymmetricKey(key)) {
|
|
1446
|
-
throw new
|
|
1464
|
+
throw new KcBadArgumentException('Only allowing wrapping of symmetric keys.');
|
|
1447
1465
|
}
|
|
1448
1466
|
return this.encryptToString(wrappingKey, key.toJSON(true));
|
|
1449
1467
|
});
|
|
@@ -1519,7 +1537,7 @@ LrApolloService.ctorParameters = () => [
|
|
|
1519
1537
|
function getAstOperation(astDocument, operation) {
|
|
1520
1538
|
const operations = astDocument.definitions.filter((def) => def.kind === 'OperationDefinition');
|
|
1521
1539
|
if (operations.length > 1) {
|
|
1522
|
-
throw new
|
|
1540
|
+
throw new KcBadLogicException(`There can be only one '${operation}' operation, instead there are ${operations.length}`);
|
|
1523
1541
|
}
|
|
1524
1542
|
return operations[0];
|
|
1525
1543
|
}
|
|
@@ -1535,7 +1553,7 @@ function getFragments(doc) {
|
|
|
1535
1553
|
function getFragment(astDocument) {
|
|
1536
1554
|
const fragments = getFragments(astDocument);
|
|
1537
1555
|
if (fragments.length > 1) {
|
|
1538
|
-
throw new
|
|
1556
|
+
throw new KcBadArgumentException('GraphQL document can only contain one fragment.');
|
|
1539
1557
|
}
|
|
1540
1558
|
return fragments[0];
|
|
1541
1559
|
}
|
|
@@ -1777,7 +1795,7 @@ function RunOutsideAngular({ ngZoneName, exceptLastPromise = true, excludeMethod
|
|
|
1777
1795
|
return (target) => {
|
|
1778
1796
|
function run(original, args) {
|
|
1779
1797
|
if (!this[ngZoneName]) {
|
|
1780
|
-
throw new
|
|
1798
|
+
throw new KcBadLogicException(`RunOutsideAngular decorator requires that ${target.name} inject NgZone as ${ngZoneName}`);
|
|
1781
1799
|
}
|
|
1782
1800
|
// runOutsideAngular() synchronously runs the callback and returns the result.
|
|
1783
1801
|
const result = this[ngZoneName].runOutsideAngular(() => original.apply(this, args));
|
|
@@ -1882,7 +1900,7 @@ let CommonProcessorsService = class CommonProcessorsService {
|
|
|
1882
1900
|
: field.keyId || ((_a = field.key) === null || _a === void 0 ? void 0 : _a.id);
|
|
1883
1901
|
if (!keyId) {
|
|
1884
1902
|
const keyIdName = getKeyId ? 'key-id' : 'keyId or key.id';
|
|
1885
|
-
throw new
|
|
1903
|
+
throw new KcBadLogicException(`Query response does not contain ${keyIdName} field: ${context.path.join('.')}`);
|
|
1886
1904
|
}
|
|
1887
1905
|
return this.keyGraph
|
|
1888
1906
|
.decryptFromString(keyId, cipherField)
|
|
@@ -1940,7 +1958,7 @@ let TpPasswordResetProcessorService = class TpPasswordResetProcessorService {
|
|
|
1940
1958
|
const ret = Object.assign({}, field);
|
|
1941
1959
|
if (field.assembly) {
|
|
1942
1960
|
if (field.applied == null) {
|
|
1943
|
-
throw new
|
|
1961
|
+
throw new KcBadRequestException('If you request for field "assembly" in the TpPasswordResetNode, then you must also request the "applied" field');
|
|
1944
1962
|
}
|
|
1945
1963
|
ret.assembly = yield this.processTpAssemblyNode(field.assembly, field.applied);
|
|
1946
1964
|
}
|
|
@@ -2169,7 +2187,7 @@ let QueryProcessorService = class QueryProcessorService {
|
|
|
2169
2187
|
processField({ field, context, options, }) {
|
|
2170
2188
|
return __awaiter(this, void 0, void 0, function* () {
|
|
2171
2189
|
if (field === null || field === void 0 ? void 0 : field.then) {
|
|
2172
|
-
throw new
|
|
2190
|
+
throw new KcBadLogicException('processField() should not receive thenable.');
|
|
2173
2191
|
}
|
|
2174
2192
|
if (field == null) {
|
|
2175
2193
|
return null;
|
|
@@ -2233,7 +2251,7 @@ let QueryProcessorService = class QueryProcessorService {
|
|
|
2233
2251
|
}
|
|
2234
2252
|
registerProcessor(name, processor) {
|
|
2235
2253
|
if (this.processors[name]) {
|
|
2236
|
-
throw new
|
|
2254
|
+
throw new KcBadLogicException(`Processor for field ${name} already exists.`);
|
|
2237
2255
|
}
|
|
2238
2256
|
this.processors[name] = processor;
|
|
2239
2257
|
}
|
|
@@ -2321,7 +2339,7 @@ class LrMutationBase {
|
|
|
2321
2339
|
}
|
|
2322
2340
|
setExecuted() {
|
|
2323
2341
|
if (this._executed) {
|
|
2324
|
-
throw new
|
|
2342
|
+
throw new KcBadStateException('Already executed');
|
|
2325
2343
|
}
|
|
2326
2344
|
this._executed = true;
|
|
2327
2345
|
}
|
|
@@ -2448,7 +2466,7 @@ class LrMergedMutation extends LrMutationBase {
|
|
|
2448
2466
|
const ret = new Set();
|
|
2449
2467
|
const addOrThrow = (item) => {
|
|
2450
2468
|
if (ret.has(item)) {
|
|
2451
|
-
throw new
|
|
2469
|
+
throw new KcBadLogicException('Classes that are derived from LrMutationBase can not be used more than once in a merged mutation.');
|
|
2452
2470
|
}
|
|
2453
2471
|
ret.add(item);
|
|
2454
2472
|
};
|
|
@@ -2460,7 +2478,7 @@ class LrMergedMutation extends LrMutationBase {
|
|
|
2460
2478
|
lrMutation.descendants.forEach((t) => addOrThrow(t));
|
|
2461
2479
|
}
|
|
2462
2480
|
else {
|
|
2463
|
-
throw new
|
|
2481
|
+
throw new KcUnsupportedException(`LrMergeMutation can not handle class: ${lrMutation.constructor.name}`);
|
|
2464
2482
|
}
|
|
2465
2483
|
});
|
|
2466
2484
|
return ret;
|
|
@@ -2671,10 +2689,10 @@ let LrGraphQLService = class LrGraphQLService {
|
|
|
2671
2689
|
lrMutateImpl(lrMutation, options) {
|
|
2672
2690
|
return __awaiter(this, void 0, void 0, function* () {
|
|
2673
2691
|
if (options === null || options === void 0 ? void 0 : options.variables) {
|
|
2674
|
-
throw new
|
|
2692
|
+
throw new KcUnsupportedException('Unsupported field: "options.variables"');
|
|
2675
2693
|
}
|
|
2676
2694
|
if (lrMutation.executed) {
|
|
2677
|
-
throw new
|
|
2695
|
+
throw new KcBadStateException('LrMutation has already executed. LrMutation can only be used once in a lrMutate() call. Create new instances of LrMutation.');
|
|
2678
2696
|
}
|
|
2679
2697
|
lrMutation.setExecuted();
|
|
2680
2698
|
return this.apolloMutate(Object.assign(Object.assign({}, options), lrMutation.lrMutationData))
|
|
@@ -2987,13 +3005,6 @@ class CognitoChallengeUser extends CognitoUser {
|
|
|
2987
3005
|
this.isTpPasswordResetUser = false;
|
|
2988
3006
|
}
|
|
2989
3007
|
}
|
|
2990
|
-
var FeatureAction;
|
|
2991
|
-
(function (FeatureAction) {
|
|
2992
|
-
// Just the one for now
|
|
2993
|
-
FeatureAction["ACCESS"] = "access";
|
|
2994
|
-
})(FeatureAction || (FeatureAction = {}));
|
|
2995
|
-
class Features {
|
|
2996
|
-
}
|
|
2997
3008
|
class CurrentUser {
|
|
2998
3009
|
}
|
|
2999
3010
|
class LoginResult {
|
|
@@ -3028,20 +3039,20 @@ class IdleService {
|
|
|
3028
3039
|
}
|
|
3029
3040
|
assertInit() {
|
|
3030
3041
|
if (!this.initCalled) {
|
|
3031
|
-
throw new
|
|
3042
|
+
throw new KcBadStateException('Call IdleService.init() first.');
|
|
3032
3043
|
}
|
|
3033
3044
|
}
|
|
3034
3045
|
init(params) {
|
|
3035
3046
|
return __awaiter(this, void 0, void 0, function* () {
|
|
3036
3047
|
if (this.initCalled) {
|
|
3037
|
-
throw new
|
|
3048
|
+
throw new KcBadStateException('IdleService.init() can only be called once. IdleService.start() calls init() with default values if init() has not been called yet.');
|
|
3038
3049
|
}
|
|
3039
3050
|
this.initCalled = true;
|
|
3040
3051
|
// Defaults
|
|
3041
3052
|
params = Object.assign({ onTimeout: null, onKeepalive: null, idleSec: Config.IDLE, timeoutSec: Config.TIMEOUT, keepAliveIntervalSec: Config.KEEP_ALIVE_INTERVAL }, params);
|
|
3042
3053
|
// If timeoutSec == 0 then the onTimeout() callback is never called.
|
|
3043
3054
|
if (params.timeoutSec < 0.01) {
|
|
3044
|
-
throw new
|
|
3055
|
+
throw new KcBadArgumentException('Minimum value for IdleService.init({ timeoutSec }) is 0.01');
|
|
3045
3056
|
}
|
|
3046
3057
|
this.onTimeout = params.onTimeout;
|
|
3047
3058
|
this.onKeepalive = params.onKeepalive;
|
|
@@ -3970,7 +3981,7 @@ class PlanService {
|
|
|
3970
3981
|
createUserIssuedPlan({ planName, tokenExpiryTime, planPeriodEnd, planPeriodEndAfterSeconds, }) {
|
|
3971
3982
|
return __awaiter(this, void 0, void 0, function* () {
|
|
3972
3983
|
if (planPeriodEnd == null && planPeriodEndAfterSeconds == null) {
|
|
3973
|
-
throw new
|
|
3984
|
+
throw new KcBadArgumentException('Must specify either "planPeriodEnd" or "planPeriodEndAfterSeconds"');
|
|
3974
3985
|
}
|
|
3975
3986
|
const { createUserIssuedPlan } = yield this.lrApollo.mutate({
|
|
3976
3987
|
mutation: CreateUserIssuedPlanMutation,
|
|
@@ -4163,6 +4174,13 @@ const UpdateContactCardMutation$1 = gql `
|
|
|
4163
4174
|
}
|
|
4164
4175
|
`;
|
|
4165
4176
|
|
|
4177
|
+
var FeatureAction;
|
|
4178
|
+
(function (FeatureAction) {
|
|
4179
|
+
// Just the one for now
|
|
4180
|
+
FeatureAction["ACCESS"] = "access";
|
|
4181
|
+
})(FeatureAction || (FeatureAction = {}));
|
|
4182
|
+
class Features {
|
|
4183
|
+
}
|
|
4166
4184
|
class CurrentUserKey {
|
|
4167
4185
|
}
|
|
4168
4186
|
class ApiCurrentUser {
|
|
@@ -4530,7 +4548,7 @@ class PasswordService {
|
|
|
4530
4548
|
return KeyFactoryService.asKey(prkJson);
|
|
4531
4549
|
}
|
|
4532
4550
|
catch (error) {
|
|
4533
|
-
throw new
|
|
4551
|
+
throw new KcAuthException('Wrong current password');
|
|
4534
4552
|
}
|
|
4535
4553
|
});
|
|
4536
4554
|
}
|
|
@@ -4862,7 +4880,7 @@ class TpAssemblyController {
|
|
|
4862
4880
|
if (assemblyKeyParams) {
|
|
4863
4881
|
if (JSON.stringify(assemblyKeyParams) !==
|
|
4864
4882
|
JSON.stringify(partial.assemblyKeyParams)) {
|
|
4865
|
-
throw new
|
|
4883
|
+
throw new KcBadStateException('The assembly key parameters are different between the approvals.');
|
|
4866
4884
|
}
|
|
4867
4885
|
}
|
|
4868
4886
|
else {
|
|
@@ -4927,7 +4945,7 @@ class TpAssemblyController {
|
|
|
4927
4945
|
prepareUpdateSubAssemblies({ input, subjectKey, slipSubAssemblies, assemblyKeyParams, subAssemblies, }) {
|
|
4928
4946
|
return __awaiter(this, void 0, void 0, function* () {
|
|
4929
4947
|
if (slipSubAssemblies.length !== input.length) {
|
|
4930
|
-
throw new
|
|
4948
|
+
throw new KcBadArgumentException('The slipSubAssemblies must be the same length as the input');
|
|
4931
4949
|
}
|
|
4932
4950
|
return Promise.all(input.map((sa, saIndex) => __awaiter(this, void 0, void 0, function* () {
|
|
4933
4951
|
const subjectCipherData = yield this.encryptionService.encryptToString(subjectKey, sa.subjectCipherDataClearJson || '');
|
|
@@ -5054,7 +5072,7 @@ class TpAssemblyController {
|
|
|
5054
5072
|
if (createSubAssembliesInput.length === 0 &&
|
|
5055
5073
|
updateSubAssembliesInput.length === 0 &&
|
|
5056
5074
|
deleteSubAssembliesInput.length === 0) {
|
|
5057
|
-
throw new
|
|
5075
|
+
throw new KcBadArgumentException('Must specify at least one of: [createSubAssemblies, updateSubAssemblies, deleteSubAssemblies]');
|
|
5058
5076
|
}
|
|
5059
5077
|
const rootKey = yield this.keyService.getCurrentRootKey();
|
|
5060
5078
|
const subjectKey = yield this.keyGraph.getKey(assembly.subjectKey.id);
|
|
@@ -5171,7 +5189,7 @@ class TpAssemblyController {
|
|
|
5171
5189
|
if (!tp.currentUserSharedKey.userSharedKey.mkSharedKey) {
|
|
5172
5190
|
const msg = `tp ${tp.other.username} does not have mkSharedKey`;
|
|
5173
5191
|
console.log(msg);
|
|
5174
|
-
throw new
|
|
5192
|
+
throw new KcBadArgumentException(msg);
|
|
5175
5193
|
}
|
|
5176
5194
|
}
|
|
5177
5195
|
}
|
|
@@ -5180,7 +5198,7 @@ class TpAssemblyController {
|
|
|
5180
5198
|
return __awaiter(this, void 0, void 0, function* () {
|
|
5181
5199
|
// Is there enough sub assemblies to meet quorum
|
|
5182
5200
|
if (subAssemblies.length < assemblyQuorum) {
|
|
5183
|
-
throw new
|
|
5201
|
+
throw new KcBadArgumentException('Not enough sub assemblies to meet quorum');
|
|
5184
5202
|
}
|
|
5185
5203
|
const slipAssembly = new Assembly(assemblyQuorum);
|
|
5186
5204
|
subAssemblies.forEach((sa, index) => {
|
|
@@ -5504,7 +5522,7 @@ class LifeReadyAuthService {
|
|
|
5504
5522
|
this.logoutListeners = new Set();
|
|
5505
5523
|
if (!isDevMode()) {
|
|
5506
5524
|
if (this.config.debug != null) {
|
|
5507
|
-
throw new
|
|
5525
|
+
throw new KcBadRequestException('In production mode, "config.debug" must be set to null');
|
|
5508
5526
|
}
|
|
5509
5527
|
}
|
|
5510
5528
|
}
|
|
@@ -5595,7 +5613,7 @@ class LifeReadyAuthService {
|
|
|
5595
5613
|
// Download the salt needed to derive the PassIdp
|
|
5596
5614
|
const passIdpApiResult = yield this.profileService.getPassIdpParams(emailOrPhone);
|
|
5597
5615
|
if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.InProgress) {
|
|
5598
|
-
throw new
|
|
5616
|
+
throw new KcConcurrentAccessException('A password change is in progress');
|
|
5599
5617
|
}
|
|
5600
5618
|
if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.Recovery) {
|
|
5601
5619
|
console.log('In recovery mode.');
|
|
@@ -5625,7 +5643,7 @@ class LifeReadyAuthService {
|
|
|
5625
5643
|
catch (error) {
|
|
5626
5644
|
// Just bubble up any other type of error.
|
|
5627
5645
|
throw error.code === 'NotAuthorizedException'
|
|
5628
|
-
? new
|
|
5646
|
+
? new KcBadRequestException('The password change request was interrupted, please try to login with both your new and old password')
|
|
5629
5647
|
: error;
|
|
5630
5648
|
}
|
|
5631
5649
|
}
|
|
@@ -5880,7 +5898,7 @@ class LifeReadyAuthService {
|
|
|
5880
5898
|
return __awaiter(this, void 0, void 0, function* () {
|
|
5881
5899
|
const resetUser = yield this.getResetUser(true);
|
|
5882
5900
|
if (resetUser.state !== TpClaimState.APPROVED) {
|
|
5883
|
-
throw new
|
|
5901
|
+
throw new KcBadStateException('Password reset request has not been approved.');
|
|
5884
5902
|
}
|
|
5885
5903
|
// --------------------------------------------------------------
|
|
5886
5904
|
// Prepare all materials to ensure there are no errors.
|
|
@@ -5959,9 +5977,7 @@ class LifeReadyAuthService {
|
|
|
5959
5977
|
noProxy: 'true',
|
|
5960
5978
|
});
|
|
5961
5979
|
if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
|
|
5962
|
-
throw new
|
|
5963
|
-
message: 'Internal error. Expecting Cognito to have done a password reset after call to PreCompleteTpPasswordResetRequestMutation.',
|
|
5964
|
-
});
|
|
5980
|
+
throw new KcInternalErrorException('Expecting Cognito to have done a password reset after call to PreCompleteTpPasswordResetRequestMutation.');
|
|
5965
5981
|
}
|
|
5966
5982
|
// Set new password on Idp
|
|
5967
5983
|
// the awsFetch() function passes NEW_PASSWORD_REQUIRED directly to AWS without
|
|
@@ -6209,7 +6225,7 @@ class CategoryService {
|
|
|
6209
6225
|
});
|
|
6210
6226
|
const defaultVaults = yield this.mapVaults(list);
|
|
6211
6227
|
if (defaultVaults.length > 1) {
|
|
6212
|
-
throw new
|
|
6228
|
+
throw new KcBadStateException('There are more than one default vaults');
|
|
6213
6229
|
}
|
|
6214
6230
|
return defaultVaults[0] || null;
|
|
6215
6231
|
});
|
|
@@ -7602,7 +7618,7 @@ let Item2Service = Item2Service_1 = class Item2Service extends LrService {
|
|
|
7602
7618
|
const directoryKey = yield this.keyFactory.createKey();
|
|
7603
7619
|
options.parentDirectories = options.parentDirectories || [];
|
|
7604
7620
|
if (!options.asRootDirectory && !((_a = options.parentDirectories) === null || _a === void 0 ? void 0 : _a.length)) {
|
|
7605
|
-
throw new
|
|
7621
|
+
throw new KcBadArgumentException('A new directory must be either a root directory or a sub-directory. So you must provide either parentDirectories and/or asRootDirectory parameter.');
|
|
7606
7622
|
}
|
|
7607
7623
|
const parentDirectories = yield Promise.all((_b = options.parentDirectories) === null || _b === void 0 ? void 0 : _b.map((t) => this.prepareParentDirectory(t, directoryKey)));
|
|
7608
7624
|
// TODO this is rather an unfortunate name, change it to asRootDirectory.
|
|
@@ -8294,7 +8310,7 @@ class KeyExchangeService {
|
|
|
8294
8310
|
const plainInitiatorOneTimePbkCipher = yield this.decryptResponseCipher(yield KeyFactoryService.asKey(plainInitiatorRootKeyCipher.otKey), yield KeyFactoryService.asKey(plainInitiatorRootKeyCipher.oneTimePrk), initiatorOneTimePbkCipher);
|
|
8295
8311
|
// Check the nonce match to ensure the responder was the one holding the OTK
|
|
8296
8312
|
if (plainInitiatorRootKeyCipher.nonce !== plainInitiatorOneTimePbkCipher.nonce) {
|
|
8297
|
-
throw new
|
|
8313
|
+
throw new KcCodeMismatchException('The nonce returned by responder does not match with the one created by the initiator.');
|
|
8298
8314
|
}
|
|
8299
8315
|
// Option 1: Assuming the signing key is unique between users.
|
|
8300
8316
|
// const initiatorSigPrk = await KFS.asKey(ke.plainInitiatorRootKeyCipher.sigPrk);
|
|
@@ -8951,7 +8967,7 @@ let KeyExchange2Service = class KeyExchange2Service extends LrService {
|
|
|
8951
8967
|
// Check the nonce match to ensure the responder was the one holding the OTK
|
|
8952
8968
|
if (initiatorRootKeyCipherClearJson.nonce !==
|
|
8953
8969
|
plainInitiatorOneTimePbkCipher.nonce) {
|
|
8954
|
-
throw new
|
|
8970
|
+
throw new KcCodeMismatchException('The nonce returned by responder does not match with the one created by the initiator.');
|
|
8955
8971
|
}
|
|
8956
8972
|
// Option 1: Assuming the signing key is unique between users.
|
|
8957
8973
|
// const initiatorSigPrk = await KFS.asKey(ke.plainInitiatorRootKeyCipher.sigPrk);
|
|
@@ -9050,6 +9066,11 @@ KeyExchange2Service = __decorate([
|
|
|
9050
9066
|
})
|
|
9051
9067
|
], KeyExchange2Service);
|
|
9052
9068
|
|
|
9069
|
+
const ERROR_SOURCE = 'LBOP';
|
|
9070
|
+
var KcLbopErrorCode;
|
|
9071
|
+
(function (KcLbopErrorCode) {
|
|
9072
|
+
KcLbopErrorCode["INVALID_PASSPHRASE"] = "INVALID_PASSPHRASE";
|
|
9073
|
+
})(KcLbopErrorCode || (KcLbopErrorCode = {}));
|
|
9053
9074
|
const CreateLbopQuery = gql `
|
|
9054
9075
|
mutation CreateLbop($input: CreateLbopInput!) {
|
|
9055
9076
|
createLbop(input: $input) {
|
|
@@ -9173,7 +9194,7 @@ class LbopService {
|
|
|
9173
9194
|
create({ name }) {
|
|
9174
9195
|
return __awaiter(this, void 0, void 0, function* () {
|
|
9175
9196
|
if (Slip39Helper.WORD_LIST.length !== 1024) {
|
|
9176
|
-
throw new
|
|
9197
|
+
throw new KcBadLogicException('Slip39Helper.WORD_LIST.length != 1024');
|
|
9177
9198
|
}
|
|
9178
9199
|
// Get existing to make sure there are not duplicate first words
|
|
9179
9200
|
const lbops = yield this.list();
|
|
@@ -9255,11 +9276,11 @@ class LbopService {
|
|
|
9255
9276
|
continue;
|
|
9256
9277
|
}
|
|
9257
9278
|
}
|
|
9258
|
-
throw new
|
|
9259
|
-
source:
|
|
9260
|
-
code:
|
|
9279
|
+
throw new KcException(new KcError({
|
|
9280
|
+
source: ERROR_SOURCE,
|
|
9281
|
+
code: KcLbopErrorCode.INVALID_PASSPHRASE,
|
|
9261
9282
|
message: 'Invalid passphrase.',
|
|
9262
|
-
});
|
|
9283
|
+
}));
|
|
9263
9284
|
});
|
|
9264
9285
|
}
|
|
9265
9286
|
verifyContact(params) {
|
|
@@ -9341,9 +9362,7 @@ class LbopService {
|
|
|
9341
9362
|
noProxy: 'true',
|
|
9342
9363
|
});
|
|
9343
9364
|
if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
|
|
9344
|
-
throw new
|
|
9345
|
-
message: 'Internal error. Expecting Cognito to have done a password reset.',
|
|
9346
|
-
});
|
|
9365
|
+
throw new KcInternalErrorException('Expecting Cognito to have done a password reset.');
|
|
9347
9366
|
}
|
|
9348
9367
|
// --Potential Failure Point 6 --
|
|
9349
9368
|
// Must restart the LBOP password reset process again.
|
|
@@ -11623,10 +11642,10 @@ query SharedScenarioQuery($scenarioId: LrRelayIdInput!) {
|
|
|
11623
11642
|
`;
|
|
11624
11643
|
|
|
11625
11644
|
function throwClaimIdMismatch() {
|
|
11626
|
-
throw new
|
|
11645
|
+
throw new KcBadArgumentException('claimId does not match with the current claimId of the scenario');
|
|
11627
11646
|
}
|
|
11628
11647
|
function throwClaimNotApproved() {
|
|
11629
|
-
throw new
|
|
11648
|
+
throw new KcBadStateException('Scenario claim has not been approved');
|
|
11630
11649
|
}
|
|
11631
11650
|
let ScenarioService = class ScenarioService extends LrService {
|
|
11632
11651
|
constructor(ngZone, injector, keyGraph, item2Service, assemblyController, encryptionService) {
|
|
@@ -12399,7 +12418,7 @@ let TpPasswordResetRequestService = class TpPasswordResetRequestService extends
|
|
|
12399
12418
|
activeRequestOrRaise(sharedReset) {
|
|
12400
12419
|
const state = sharedReset.sharedRequest.claim.state;
|
|
12401
12420
|
if (state !== TpAssemblyState.CLAIMED) {
|
|
12402
|
-
throw new
|
|
12421
|
+
throw new KcBadStateException(`Claim is already in ${state} state.`);
|
|
12403
12422
|
}
|
|
12404
12423
|
}
|
|
12405
12424
|
rejectRequest(sharedResetId) {
|
|
@@ -12481,7 +12500,7 @@ const COGNITO_LOCALSTORAGE_PREFIX = 'CognitoIdentityServiceProvider';
|
|
|
12481
12500
|
*/
|
|
12482
12501
|
function clearLocalStorage(prefix) {
|
|
12483
12502
|
if (!prefix) {
|
|
12484
|
-
throw new
|
|
12503
|
+
throw new KcBadArgumentException('You must specify a non empty prefix.');
|
|
12485
12504
|
}
|
|
12486
12505
|
// Remove all persisted session variables
|
|
12487
12506
|
Object.keys(localStorage).forEach((key) => {
|
|
@@ -12892,7 +12911,7 @@ let TrustedParty2Service = class TrustedParty2Service extends LrService {
|
|
|
12892
12911
|
return __awaiter(this, void 0, void 0, function* () {
|
|
12893
12912
|
const userSharedKey = yield this.getTpCurrentUserSharedKey(tpId);
|
|
12894
12913
|
if (userSharedKey.mkSharedKey) {
|
|
12895
|
-
throw new
|
|
12914
|
+
throw new KcBadStateException('TP already has mkSharedKey');
|
|
12896
12915
|
}
|
|
12897
12916
|
const masterKey = yield this.keyService.getCurrentMasterKey();
|
|
12898
12917
|
const prk = yield this.keyFactory.createPkcKey();
|
|
@@ -12920,7 +12939,7 @@ let TrustedParty2Service = class TrustedParty2Service extends LrService {
|
|
|
12920
12939
|
return __awaiter(this, void 0, void 0, function* () {
|
|
12921
12940
|
const userSharedKey = yield this.getTpCurrentUserSharedKey(tpId);
|
|
12922
12941
|
if (!userSharedKey.mkSharedKey) {
|
|
12923
|
-
throw new
|
|
12942
|
+
throw new KcBadStateException('No access to the mkSharedKey so cannot reshare it with TP');
|
|
12924
12943
|
}
|
|
12925
12944
|
const sharedKey = yield this.keyGraph.getKey(userSharedKey.sharedKey.id);
|
|
12926
12945
|
const plainMkReshareRequestCipher = yield this.encryptionService.decrypt(sharedKey, userSharedKey.mkReshareRequestCipher);
|
|
@@ -13052,7 +13071,7 @@ class TwoFactorService {
|
|
|
13052
13071
|
const code = yield this.auth.setupTOTP(cognitoUser);
|
|
13053
13072
|
const email = userInfo.attributes.email;
|
|
13054
13073
|
if (!email) {
|
|
13055
|
-
throw new
|
|
13074
|
+
throw new KcBadArgumentException('No email associated with user.');
|
|
13056
13075
|
}
|
|
13057
13076
|
return {
|
|
13058
13077
|
code,
|
|
@@ -13085,5 +13104,5 @@ TwoFactorService.ctorParameters = () => [
|
|
|
13085
13104
|
* Generated bundle index. Do not edit.
|
|
13086
13105
|
*/
|
|
13087
13106
|
|
|
13088
|
-
export { AccessLevel, AccessRoleChoice, AccessRoleMethodChoice, ApiContactCard, ApiCurrentUser, ArchiveDirectoryMutation, CancelUserDeleteMutation, Category, CategoryFields, CategoryFilter, CategoryMetaService, CategoryService, ClaimApproverState, ClaimState, CognitoChallengeUser, CommonProcessorsService, CompleteOtkMutation, Config, ContactCard2Service, ContactCardAddress, ContactCardName, CreateCategoryMutation, CreateContactCardMutation$1 as CreateContactCardMutation, CreateFileMutation, CreateFileQuery, CreateLbopQuery, CreateRecordContainerMutation, CreateRecordMutation, CreateVaultMutation, CurrentCategory, CurrentUser, CurrentUserKey, CurrentUserQuery, CurrentUserSharedKeyQuery, DEFAULT_BREADCRUMB_DEPTH, DEFAULT_DESCENDANTS_DEPTH, DefaultCategory, DefaultProcessorOptions, DefaultVaultFilter, DeleteCategoryMutation, DeleteFileMutation, DeleteLbopQuery, DeleteRecordMutation, DirectoryQuery, DirectoryType, FeatureAction, Features, FetchKeyGraphField, FileOperationField, FileQuery, FileType, FileUploadService, GetCategoriesQuery, GetCategoryKeyIdQuery, GetCategoryQuery, GetMySharedCategoriesQuery, GetRecordQuery, GetRootDirectoryIdsQuery, GetTrustedPartyCategoriesQuery, GetVaultsQuery, IdleService, InitiateOtkMutation, Item2Service, KC_CONFIG,
|
|
13107
|
+
export { AccessLevel, AccessRoleChoice, AccessRoleMethodChoice, ApiContactCard, ApiCurrentUser, ArchiveDirectoryMutation, CancelUserDeleteMutation, Category, CategoryFields, CategoryFilter, CategoryMetaService, CategoryService, ClaimApproverState, ClaimState, CognitoChallengeUser, CommonProcessorsService, CompleteOtkMutation, Config, ContactCard2Service, ContactCardAddress, ContactCardName, CreateCategoryMutation, CreateContactCardMutation$1 as CreateContactCardMutation, CreateFileMutation, CreateFileQuery, CreateLbopQuery, CreateRecordContainerMutation, CreateRecordMutation, CreateVaultMutation, CurrentCategory, CurrentUser, CurrentUserKey, CurrentUserQuery, CurrentUserSharedKeyQuery, DEFAULT_BREADCRUMB_DEPTH, DEFAULT_DESCENDANTS_DEPTH, DefaultCategory, DefaultProcessorOptions, DefaultVaultFilter, DeleteCategoryMutation, DeleteFileMutation, DeleteLbopQuery, DeleteRecordMutation, DirectoryQuery, DirectoryType, ERROR_SOURCE, FeatureAction, Features, FetchKeyGraphField, FileOperationField, FileQuery, FileType, FileUploadService, GetCategoriesQuery, GetCategoryKeyIdQuery, GetCategoryQuery, GetMySharedCategoriesQuery, GetRecordQuery, GetRootDirectoryIdsQuery, GetTrustedPartyCategoriesQuery, GetVaultsQuery, IdleService, InitiateOtkMutation, Item2Service, KC_CONFIG, KcAuthException, KcBadArgumentException, KcBadLogicException, KcBadRequestException, KcBadSignatureException, KcBadStateException, KcBadTimeSyncException, KcCodeMismatchException, KcConcurrentAccessException, KcEncryptionException, KcError, KcErrorCode, KcException, KcInternalErrorException, KcLbopErrorCode, KcLockedException, KcNotFoundException, KcSuspiciousOperationException, KcUnsupportedException, KeyExchange2Service, KeyExchangeFields, KeyExchangeMode, KeyExchangeOtkState, KeyExchangeQuery, KeyExchangeService, KeyExchangeState, KeyExchangeTokenQuery, KeyExchangesQuery, KeyGraphField, KeyGraphFragment, LbopQuery, LbopService, LbopsQuery, LifeReadyAuthService, LifeReadyModule, LinkTypeField, LoadedCategoryTree, LockService, LockState, LoginHistoryQuery, LoginResult, LrApolloService, LrGraphQLService, LrMergedMutation, LrMutation, LrMutationBase, LrRecord, LrService, MainContactCard, MainContactCardFields, MainContactCardPlainFields, MainContactCardProperty, MessageService, MoveDirectoryQuery, MoveFileQuery, NewAttachment, NewCategory, NewOrUpdatedAttachment, NewRecord, NotificationService, OtkState, OwnerPlainDataJson, PassIdpApiResult, PasswordChangeStatus, PasswordCheck, PasswordService, PermissionChoice, PersistService, Plan, Plan2Service, PlanService, PlanState, PlanStateField, ProfileDetailsService, ProfileService, QueryProcessorService, RecordAttachment, RecordAttachmentFilter, RecordAttachmentService, RecordContentFilter, RecordField, RecordFieldType, RecordFilter, RecordService, RecordType, RecordTypeField, RecordTypeFieldOption, RecordTypeService, RecordTypeSummary, RecoveryStatus, RegisterResult, RegisterService, RequestUserDeleteMutation, RespondOtkMutation, RevertFileQuery, ScenarioLastClaimState, ScenarioService, ScenarioState, ServerConfigService, ServerTimeQuery, SharedAccess, SharedContactCard2Service, StripeBillingPortalSession, StripeCheckoutSession, Subscription, TimeService, TpAssemblyState, TpClaimApproverState, TpClaimState, TpPasswordResetRequestService, TpPasswordResetService, TpPasswordResetUserService, TrustedParty2Service, TrustedPartyDetails, TwoFactorService, UnarchiveDirectoryMutation, UpdateCategoryMutation, UpdateContactCardMutation$1 as UpdateContactCardMutation, UpdateFileQuery, UpdateLbopQuery, UpdateRecordContainerMutation, UpdateRecordMutation, UpdatedCategory, UpdatedRecord, UserDeleteState, UserPlan, UserService, UserSharedKeyFields, Vault, VaultCategory, VaultFields, VaultRecord, VaultRecordType, WebCryptoService, awsFetch, configureAmplifyAuth, configureApollo, fragmentSpreadAstSelection, gqlTyped, handleApolloError, handleCognitoCallback, httpOptions, initialiseAuth, mapEdges, mapUserPlans, parentCategoriesField, processConnection, throwClaimIdMismatch, throwClaimNotApproved, ɵ0, KeyGraphService as ɵa, EncryptionService as ɵb, KeyService as ɵc, KeyFactoryService as ɵd, KeyMetaService as ɵe, LrGraphQLService as ɵf, TpPasswordResetProcessorService as ɵg, RunOutsideAngular as ɵh, TpPasswordResetAssemblyController as ɵi, TpAssemblyController as ɵj, LrService as ɵk, SharedContactCardService as ɵl, TrustedPartyService as ɵm, ScenarioAssemblyController as ɵn, TpPasswordResetPrivateService as ɵo };
|
|
13089
13108
|
//# sourceMappingURL=lifeready-core.js.map
|