@luigi-project/plugin-auth-oauth2 2.22.2-dev.20250790037 → 2.23.0
- package/callback.html +32 -16
- package/package.json +1 -1
- package/plugin.js +1 -1
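--- a/package/callback.html
+++ b/package/callback.html
@@ -1,15 +1,15 @@
-<!
+<!doctype html>
 <html>
 <head>
 <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
 <script type="text/javascript">
 const tokenLifetimeDays = 7;
 
-const getParameterByName = name => {
+const getParameterByName = (name) => {
 return new URLSearchParams(location.search).get(name);
 };
 
-const setAuthData = data => {
+const setAuthData = (data) => {
 const storageType = getParameterByName('storageType') || 'localStorage';
 switch (storageType) {
 case 'localStorage':
@@ -19,23 +19,23 @@
 break;
 default:
 console.error(
-'Configuration Error: Invalid auth.storage setting. Must be either localStorage or sessionStorage to be used with OAuth2 Provider.'
+'Configuration Error: Invalid auth.storage setting. Must be either localStorage or sessionStorage to be used with OAuth2 Provider.',
 );
 }
 };
 
 const getHashParams = () => {
-
+let hash = encodeURIComponent(window.location.hash.substring(1));
 return decodeURIComponent(hash)
 .split('&')
-.reduce(function(result, item) {
+.reduce(function (result, item) {
 var parts = item.split('=');
 result[parts[0]] = parts[1];
 return result;
 }, {});
 };
 
-const processExpDate = expiresInString => {
+const processExpDate = (expiresInString) => {
 let expirationDate;
 const expiresIn = Number(expiresInString);
 if (!isNaN(expiresIn) && expiresIn > 0) {
@@ -46,16 +46,16 @@
 return expirationDate;
 };
 
-const parseJwt = token => {
+const parseJwt = (token) => {
 const base64Url = token.split('.')[1];
 const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
 const jsonPayload = decodeURIComponent(
 atob(base64)
 .split('')
-.map(function(c) {
+.map(function (c) {
 return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
 })
-.join('')
+.join(''),
 );
 
 return JSON.parse(jsonPayload);
@@ -77,13 +77,13 @@
 accessToken: token,
 accessTokenExpirationDate: processExpDate(expires_in),
 scope: hashParams['scope'],
-idToken: hashParams['id_token']
+idToken: hashParams['id_token'],
 };
 
 setAuthData(data);
 
 const decodedState = atob(decodeURIComponent(hashParams['state'])).split(
-'_luigiNonce='
+'_luigiNonce=',
 );
 const appState = decodeURI(decodedState[0] || '');
 const nonce = decodedState[1];
@@ -92,17 +92,33 @@
 document.getElementsByTagName('body')[0].innerHTML =
 'Something went wrong. Try to log in again.';
 throw new Error(
-'State parameter returned from the authorization endpoint does not match locally stored state. Aborting login process.'
+'State parameter returned from the authorization endpoint does not match locally stored state. Aborting login process.',
 );
 }
 
-
+const appStateUrl = new URL(appState);
+if (appStateUrl.origin === window.location.origin) {
+const newUrl = new URL(window.location.href);
+newUrl.pathname = appStateUrl.pathname;
+newUrl.search = appStateUrl.search;
+newUrl.hash = appStateUrl.hash;
+window.location.href = newUrl.href;
+} else {
+window.location.href = '/';
+console.log(
+`Preventing redirect to ${appState} as it does not match the current origin.`,
+);
+}
 } else {
 // else tree only applies to idtoken auths, I guess
 const errorDescription = hashParams['error_description'];
 console.error('error', errorDescription);
-
-
+const params = new URLSearchParams();
+params.set('error', error);
+params.set('errorDescription', errorDescription);
+const url = new URL('/', window.location.href);
+url.search = params;
+window.location.href = url.href;
 }
 }
 </script>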
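Review bot: `new URL(appState)` at new line 99 is called without a base and outside any try/catch, so an `appState` that is empty or not an absolute URL throws a TypeError instead of reaching the safe `'/'` fallback; the `decodedState[0] || ''` default at line 88 suggests an empty value is considered possible. Because `setAuthData(data)` has already run at line 83, the token would be stored while the user stays on the callback page with no navigation. Parse defensively, for example `let appStateUrl = null; try { appStateUrl = new URL(appState, window.location.origin); } catch (e) { console.warn('Ignoring unparsable appState'); }`, and guard the branch with `if (appStateUrl && appStateUrl.origin === window.location.origin)`. The origin comparison and the copying of only pathname, search and hash onto the current URL also deserve a short comment such as `// never navigate to a host taken from the state parameter`, so the check is not simplified away later. The enclosing `if` whose `else` appears at new line 112 opens above line 92, outside this hunk.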
package/package.json
CHANGED
package/plugin.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports["LuigiPlugin-auth-oauth2"]=t():e["LuigiPlugin-auth-oauth2"]=t()}(self,(
|
|
1
|
+
!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports["LuigiPlugin-auth-oauth2"]=t():e["LuigiPlugin-auth-oauth2"]=t()}(self,(()=>(()=>{"use strict";var e={d:(t,n)=>{for(var o in n)e.o(n,o)&&!e.o(t,o)&&Object.defineProperty(t,o,{enumerable:!0,get:n[o]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t)},t={};function n(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function o(e){return o="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},o(e)}function i(e){var t=function(e){if("object"!==o(e)||null===e)return e;var t=e[Symbol.toPrimitive];if(void 0!==t){var n=t.call(e,"string");if("object"!==o(n))return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(e);return"symbol"===o(t)?t:String(t)}function r(e,t){for(var n=0;n<t.length;n++){var o=t[n];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(e,i(o.key),o)}}function a(e,t,n){return t&&r(e.prototype,t),n&&r(e,n),Object.defineProperty(e,"prototype",{writable:!1}),e}function u(e,t,n){return(t=i(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}e.d(t,{default:()=>s});var c=new(function(){function e(){n(this,e)}return a(e,[{key:"getRandomId",value:function(){return window.crypto.getRandomValues(new Uint32Array(1))[0]}},{key:"isFunction",value:function(e){return e&&"[object Function]"==={}.toString.call(e)}},{key:"isPromise",value:function(e){return e&&this.isFunction(e.then)}},{key:"isObject",value:function(e){return e&&"object"===o(e)&&!Array.isArray(e)}},{key:"deepMerge",value:function(e){for(var t=arguments.length,n=new Array(t>1?t-1:0),o=1;o<t;o++)n[o-1]=arguments[o];if(!n.length)return 
e;var i=n.shift();if(this.isObject(e)&&this.isObject(i))for(var r in i)this.isObject(i[r])?(e[r]||Object.assign(e,u({},r,{})),this.deepMerge(e[r],i[r])):Object.assign(e,u({},r,i[r]));return this.deepMerge.apply(this,[e].concat(n))}},{key:"prependOrigin",value:function(e){if(e.startsWith("http"))return e;var t=e.startsWith("/");return e.length?window.location.origin+(t?"":"/")+e:window.location.origin}}]),e}()),s=function(){function e(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};n(this,e);var o={oAuthData:{redirect_uri:window.location.origin+"/assets/auth-oauth2/callback.html",response_type:"id_token token",scope:""},authorizeMethod:"GET",logoutUrl:"",post_logout_redirect_uri:window.location.origin+"/logout.html",accessTokenExpiringNotificationTime:60,expirationCheckInterval:5},i=c.deepMerge(o,t);this.settings=i}return a(e,[{key:"getAuthData",value:function(){return Luigi.auth().store.getAuthData()}},{key:"parseIdToken",value:function(e){var t=e.split(".")[1].replace(/-/g,"+").replace(/_/g,"/");return JSON.parse(window.atob(t))}},{key:"userInfo",value:function(){var e=this;return new Promise((function(t,n){var o=e.getAuthData(),i=e.parseIdToken(o.idToken);t({email:i.email?i.email:"",name:i.name?i.name:""})}))}},{key:"login",value:function(){var e=this;return new Promise((function(t,n){var o=e.settings,i=o.nonceFn&&o.nonceFn()||e.generateNonce();sessionStorage.setItem("luigi.nonceValue",i),o.oAuthData.nonce||(o.oAuthData.nonce=i);var r=function(e,t){return Object.assign(document.createElement("input"),{name:e,id:e,value:t,type:"hidden"})},a=Object.assign(document.createElement("form"),{name:"signIn",id:"signIn",action:o.authorizeUrl,method:o.authorizeMethod,target:"_self"});for(var u in o.oAuthData.redirect_uri="".concat(c.prependOrigin(o.oAuthData.redirect_uri),"?storageType=").concat(Luigi.auth().store.getStorageType()),o.oAuthData.state=btoa(encodeURI(window.location.href)+"_luigiNonce="+i),o.oAuthData){var 
s=r(u,o.oAuthData[u]);a.appendChild(s.cloneNode())}document.getElementsByTagName("body")[0].appendChild(a),setTimeout((function(){document.querySelector("form#signIn").submit()})),document.querySelector("form#signIn").addEventListener("load",(function(t){console.info("load, e",t,e)}))}))}},{key:"logout",value:function(e,t){var n=this.settings,o="".concat(n.logoutUrl,"?id_token_hint=").concat(e.idToken,"&client_id=").concat(n.oAuthData.client_id,"&post_logout_redirect_uri=").concat(c.prependOrigin(n.post_logout_redirect_uri));t&&t(),setTimeout((function(){window.location.href=o}))}},{key:"setTokenExpirationAction",value:function(){var e=this;this.expirationCheckIntervalInstance=setInterval((function(){var t=e.getAuthData();if(!t)return clearInterval(e.expirationCheckIntervalInstance);if((t&&t.accessTokenExpirationDate||0)-new Date<5e3){clearInterval(e.expirationCheckIntervalInstance),Luigi.auth().store.removeAuthData();var n="".concat(e.settings.logoutUrl,"?error=tokenExpired&post_logout_redirect_uri=").concat(c.prependOrigin(e.settings.post_logout_redirect_uri));Luigi.auth().handleAuthEvent("onAuthExpired",e.settings,void 0,n)}}),5e3)}},{key:"setTokenExpireSoonAction",value:function(){var e=this,t=1e3*this.settings.accessTokenExpiringNotificationTime,n=1e3*this.settings.expirationCheckInterval,o=this.getAuthData();o&&(this.expirationSoonCheckIntervalInstance=setInterval((function(){(o&&o.accessTokenExpirationDate||0)-(new Date).getTime()<t&&(Luigi.auth().handleAuthEvent("onAuthExpireSoon",e.settings),clearInterval(e.expirationSoonCheckIntervalInstance))}),n))}},{key:"generateNonce",value:function(){var e=window.crypto;return Array.from(e.getRandomValues(new 
Uint8Array(20))).map((function(e){return"0123456789ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvwxyz"[e%61]})).join("")}},{key:"resetExpirationChecks",value:function(){this.unload(),this.setTokenExpirationAction(),this.setTokenExpireSoonAction()}},{key:"unload",value:function(){clearInterval(this.expirationCheckIntervalInstance),clearInterval(this.expirationSoonCheckIntervalInstance)}}]),e}();return t.default})()));
|