@magda/auth-api-client 2.0.0-alpha.0 → 2.0.0-alpha.3

package/dist/index.d.ts

@@ -14,15 +14,6 @@ declare class ApiClient {
      * @memberof ApiClient
      */
     getUser(userId: string): Promise<Maybe<RequiredKeys<User, "id">>>;
-    /**
-     * Get the data of a user.
-     * (Deprecated) This is the public facing API and will return less fields.
-     *
-     * @param {string} userId
-     * @returns {Promise<Maybe<User>>}
-     * @memberof ApiClient
-     */
-    getUserPublic(userId: string): Promise<Maybe<RequiredKeys<User, "id">>>;
     /**
      * Lookup user by source (identity provider) & sourceId (identity ID)
      *
@@ -35,11 +26,11 @@ declare class ApiClient {
     /**
      * create a user
      *
-     * @param {User} user
-     * @returns {Promise<User>}
+     * @param {CreateUserData} user
+     * @returns {Promise<UserRecord>}
      * @memberof ApiClient
      */
-    createUser(user: User): Promise<RequiredKeys<User, "id">>;
+    createUser(user: CreateUserData): Promise<UserRecord>;
     /**
      * Add Roles to a user.
      * Returns a list of current role ids of the user.
@@ -135,10 +126,21 @@ declare class ApiClient {
      * @memberof ApiClient
      */
     getAllOrgUnitChildren(nodeId: string): Promise<OrgUnit[]>;
+    createOrgNode(parentNodeId: string, node: Partial<Omit<OrgUnitRecord, "id" | "createBy" | "createTime" | "editBy" | "editTime" | "left" | "right">>): Promise<OrgUnit>;
+    createRole(name: string, desc?: string): Promise<Role>;
+    createRolePermission(roleId: string, permissionData: CreateRolePermissionInputData): Promise<PermissionRecord>;
+    getOperationByUri(opUri: string): Promise<OperationRecord>;
+    getResourceByUri(resUri: string): Promise<ResourceRecord>;
     private handleGetResult;
 }
 export default ApiClient;
 
+declare interface CreateRolePermissionInputData extends Omit<PermissionRecord, "id" | "owner_id" | "create_by" | "create_time" | "edit_by" | "edit_time"> {
+    operationIds: string[];
+}
+
+declare type CreateUserData = Partial<Omit<UserRecord, "email" | "displayName" | "id">> & Pick<UserRecord, "displayName" | "email">;
+
 declare interface Eq<T> {
     equals(t: T): boolean;
 }
@@ -206,22 +208,33 @@ export declare interface Operation {
     description?: string;
 }
 
+declare type OperationRecord = {
+    id: string;
+    uri: string;
+    name: string;
+    description: string;
+    resource_id: string;
+};
+
 declare interface OptionalMaybePatterns<T, U> {
     just?: (t: T) => U;
     nothing?: () => U;
 }
 
-export declare interface OrgUnit {
-    id?: string;
-    name?: string;
-    description?: string;
+export declare type OrgUnit = Partial<OrgUnitRecord> & {
     relationship?: OrgUnitRelationshipType;
-    left?: number;
-    right?: number;
-    createBy?: string;
-    createTime?: Date;
-    editBy?: string;
-    editTime?: Date;
+};
+
+declare interface OrgUnitRecord {
+    id: string;
+    name: string;
+    description: string;
+    left: number;
+    right: number;
+    createBy: string;
+    createTime: Date;
+    editBy: string;
+    editTime: Date;
 }
 
 export declare type OrgUnitRelationshipType = "ancestor" | "descendant" | "equal" | "unrelated";
@@ -242,20 +255,37 @@ export declare interface Permission {
     editTime?: Date;
 }
 
-export declare interface PublicUser {
-    id?: string;
-    displayName: string;
-    photoURL?: string;
-    isAdmin: boolean;
+declare interface PermissionRecord {
+    id: string;
+    name: string;
+    description: string;
+    resource_id: string;
+    user_ownership_constraint: boolean;
+    org_unit_ownership_constraint: boolean;
+    pre_authorised_constraint: boolean;
+    owner_id: string;
+    create_time: string;
+    create_by: string;
+    edit_time: string;
+    edit_by: string;
+}
+
+export declare type PublicUser = Partial<Pick<UserRecord, "id" | "photoURL" | "orgUnitId">> & Omit<UserRecord, "id" | "photoURL" | "orgUnitId" | "email" | "source" | "sourceId"> & {
     roles?: Role[];
     permissions?: Permission[];
     managingOrgUnitIds?: string[];
-    orgUnitId?: string;
     orgUnit?: OrgUnit;
-}
+};
 
 declare type RequiredKeys<T, K extends keyof T> = Omit<T, K> & Required<Pick<T, K>>;
 
+declare type ResourceRecord = {
+    id: string;
+    uri: string;
+    name: string;
+    description: string;
+};
+
 export declare interface Role {
     id: string;
     name: string;
@@ -267,7 +297,14 @@ export declare interface Role {
     editTime?: Date;
 }
 
-export declare interface User extends PublicUser {
+export declare type User = PublicUser & Pick<UserRecord, "email" | "source" | "sourceId">;
+
+declare interface UserRecord {
+    id: string;
+    displayName: string;
+    photoURL: string;
+    isAdmin: boolean;
+    orgUnitId: string;
     email: string;
     source: string;
     sourceId: string;

package/dist/index.js

@@ -1806,7 +1806,7 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_RESULT__;/*!
  * URI.js - Mutating URLs
  * IPv6 Support
  *
- * Version: 1.19.5
+ * Version: 1.19.11
  *
  * Author: Rodney Rehm
  * Web: http://medialize.github.io/URI.js/
@@ -1998,7 +1998,7 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_RESULT__;/*!
  * URI.js - Mutating URLs
  * Second Level Domain (SLD) Support
  *
- * Version: 1.19.5
+ * Version: 1.19.11
  *
  * Author: Rodney Rehm
  * Web: http://medialize.github.io/URI.js/
@@ -2281,9 +2281,10 @@ const isomorphic_fetch_1 = __importDefault(__webpack_require__(30));
 const tsmonad_1 = __webpack_require__(15);
 const lodash_1 = __importDefault(__webpack_require__(59));
 const buildJwt_1 = __importDefault(__webpack_require__(60));
-const GenericError_1 = __importDefault(__webpack_require__(79));
-const addTrailingSlash_1 = __importDefault(__webpack_require__(80));
-const urijs_1 = __importDefault(__webpack_require__(81));
+const addTrailingSlash_1 = __importDefault(__webpack_require__(79));
+const urijs_1 = __importDefault(__webpack_require__(80));
+const ServerError_1 = __importDefault(__webpack_require__(81));
+const isUuid_1 = __importDefault(__webpack_require__(82));
 class ApiClient {
     constructor(
     // e.g. http://authorization-api/v0
@@ -2295,14 +2296,29 @@ class ApiClient {
         if (jwtSecret && userId) {
             this.jwt = buildJwt_1.default(jwtSecret, userId);
         }
-        this.requestInitOption = {
-            headers: {
-                "X-Magda-Session": this.jwt
-            }
-        };
+        if (this.jwt) {
+            this.requestInitOption = {
+                headers: {
+                    "X-Magda-Session": this.jwt
+                }
+            };
+        }
     }
     getMergeRequestInitOption(extraOptions = null) {
-        return lodash_1.default.merge({}, this.requestInitOption, extraOptions);
+        let defaultContentTypeCfg = {};
+        if ((extraOptions === null || extraOptions === void 0 ? void 0 : extraOptions.body) &&
+            (!(extraOptions === null || extraOptions === void 0 ? void 0 : extraOptions.headers) ||
+                (typeof extraOptions.headers === "object" &&
+                    Object.keys(extraOptions.headers)
+                        .map((key) => key.toLowerCase())
+                        .indexOf("content-type") == -1))) {
+            defaultContentTypeCfg = {
+                headers: {
+                    "Content-Type": "application/json"
+                }
+            };
+        }
+        return lodash_1.default.merge({}, this.requestInitOption, extraOptions, defaultContentTypeCfg);
     }
     processJsonResponse(res) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -2310,8 +2326,8 @@ class ApiClient {
                 return (yield res.json());
             }
             else {
-                const responseText = (yield res.text()).replace(/<(.|\n)*?>/g, "");
-                throw new GenericError_1.default(responseText, res.status);
+                const responseText = yield res.text();
+                throw new ServerError_1.default(`Error: ${res.statusText}. ${responseText.replace(/<(.|\n)*?>/g, "")}`, res.status);
             }
         });
     }
@@ -2323,19 +2339,6 @@ class ApiClient {
      * @memberof ApiClient
      */
     getUser(userId) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return yield this.handleGetResult(isomorphic_fetch_1.default(`${this.baseUrl}private/users/${userId}`, this.getMergeRequestInitOption()));
-        });
-    }
-    /**
-     * Get the data of a user.
-     * (Deprecated) This is the public facing API and will return less fields.
-     *
-     * @param {string} userId
-     * @returns {Promise<Maybe<User>>}
-     * @memberof ApiClient
-     */
-    getUserPublic(userId) {
         return __awaiter(this, void 0, void 0, function* () {
             return yield this.handleGetResult(isomorphic_fetch_1.default(`${this.baseUrl}public/users/${userId}`, this.getMergeRequestInitOption()));
         });
@@ -2356,14 +2359,14 @@ class ApiClient {
     /**
      * create a user
      *
-     * @param {User} user
-     * @returns {Promise<User>}
+     * @param {CreateUserData} user
+     * @returns {Promise<UserRecord>}
      * @memberof ApiClient
      */
     createUser(user) {
         return __awaiter(this, void 0, void 0, function* () {
             try {
-                const res = yield isomorphic_fetch_1.default(`${this.baseUrl}private/users`, this.getMergeRequestInitOption({
+                const res = yield isomorphic_fetch_1.default(`${this.baseUrl}public/users`, this.getMergeRequestInitOption({
                     method: "POST",
                     headers: {
                         "Content-Type": "application/json"
@@ -2371,10 +2374,10 @@ class ApiClient {
                     body: JSON.stringify(user)
                 }));
                 if (res.status >= 400) {
-                    throw new Error(`Encountered error ${res.status} when POSTing new user to ${this.baseUrl}/private/users`);
+                    throw new Error(`Encountered error ${res.status}: ${yield res.text()} when creating new user to ${this.baseUrl}public/users`);
                 }
                 const resData = yield res.json();
-                return Object.assign(Object.assign({}, user), resData);
+                return resData;
             }
             catch (e) {
                 console.error(e);
@@ -2393,7 +2396,7 @@ class ApiClient {
      */
     addUserRoles(userId, roleIds) {
         return __awaiter(this, void 0, void 0, function* () {
-            const res = yield isomorphic_fetch_1.default(`${this.baseUrl}public/user/${userId}/roles`, this.getMergeRequestInitOption({
+            const res = yield isomorphic_fetch_1.default(`${this.baseUrl}public/users/${userId}/roles`, this.getMergeRequestInitOption({
                 method: "POST",
                 headers: {
                     "Content-Type": "application/json"
@@ -2432,7 +2435,7 @@ class ApiClient {
      */
     getUserRoles(userId) {
         return __awaiter(this, void 0, void 0, function* () {
-            const res = yield isomorphic_fetch_1.default(`${this.baseUrl}public/user/${userId}/roles`, this.getMergeRequestInitOption());
+            const res = yield isomorphic_fetch_1.default(`${this.baseUrl}public/users/${userId}/roles`, this.getMergeRequestInitOption());
             return yield this.processJsonResponse(res);
         });
     }
@@ -2445,7 +2448,7 @@ class ApiClient {
      */
     getUserPermissions(userId) {
         return __awaiter(this, void 0, void 0, function* () {
-            const res = yield isomorphic_fetch_1.default(`${this.baseUrl}public/user/${userId}/permissions`, this.getMergeRequestInitOption());
+            const res = yield isomorphic_fetch_1.default(`${this.baseUrl}public/users/${userId}/permissions`, this.getMergeRequestInitOption());
             return yield this.processJsonResponse(res);
         });
     }
@@ -2458,7 +2461,7 @@ class ApiClient {
      */
     getRolePermissions(roleId) {
         return __awaiter(this, void 0, void 0, function* () {
-            const res = yield isomorphic_fetch_1.default(`${this.baseUrl}public/role/${roleId}/permissions`, this.getMergeRequestInitOption());
+            const res = yield isomorphic_fetch_1.default(`${this.baseUrl}public/roles/${roleId}/permissions`, this.getMergeRequestInitOption());
             return yield this.processJsonResponse(res);
         });
     }
@@ -2568,6 +2571,60 @@ class ApiClient {
             return yield this.processJsonResponse(res);
         });
     }
+    createOrgNode(parentNodeId, node) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const uri = urijs_1.default(`${this.baseUrl}public/orgunits`)
+                .segmentCoded(parentNodeId)
+                .segmentCoded("insert");
+            const res = yield isomorphic_fetch_1.default(uri.toString(), this.getMergeRequestInitOption({
+                method: "post",
+                body: JSON.stringify(node)
+            }));
+            return yield this.processJsonResponse(res);
+        });
+    }
+    createRole(name, desc) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const uri = urijs_1.default(`${this.baseUrl}public/roles`);
+            const res = yield isomorphic_fetch_1.default(uri.toString(), this.getMergeRequestInitOption({
+                method: "post",
+                body: JSON.stringify({
+                    name,
+                    description: desc ? desc : ""
+                })
+            }));
+            return yield this.processJsonResponse(res);
+        });
+    }
+    createRolePermission(roleId, permissionData) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!isUuid_1.default(roleId)) {
+                throw new ServerError_1.default(`roleId: ${roleId} is not a valid UUID.`);
+            }
+            const uri = urijs_1.default(`${this.baseUrl}public/roles`)
+                .segmentCoded(roleId)
+                .segmentCoded("permissions");
+            const res = yield isomorphic_fetch_1.default(uri.toString(), this.getMergeRequestInitOption({
+                method: "post",
+                body: JSON.stringify(permissionData)
+            }));
+            return yield this.processJsonResponse(res);
+        });
+    }
+    getOperationByUri(opUri) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const uri = urijs_1.default(`${this.baseUrl}public/operations/byUri/${opUri}`);
+            const res = yield isomorphic_fetch_1.default(uri.toString(), this.getMergeRequestInitOption());
+            return yield this.processJsonResponse(res);
+        });
+    }
+    getResourceByUri(resUri) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const uri = urijs_1.default(`${this.baseUrl}public/resources/byUri/${resUri}`);
+            const res = yield isomorphic_fetch_1.default(uri.toString(), this.getMergeRequestInitOption());
+            return yield this.processJsonResponse(res);
+        });
+    }
     handleGetResult(promise) {
         return __awaiter(this, void 0, void 0, function* () {
             return promise
@@ -6021,14 +6078,15 @@ Request.prototype.clone = function() {
   var undefined;
 
   /** Used as the semantic version number. */
-  var VERSION = '4.17.15';
+  var VERSION = '4.17.21';
 
   /** Used as the size to enable large array optimizations. */
   var LARGE_ARRAY_SIZE = 200;
 
   /** Error message constants. */
   var CORE_ERROR_TEXT = 'Unsupported core-js use. Try https://npms.io/search?q=ponyfill.',
-      FUNC_ERROR_TEXT = 'Expected a function';
+      FUNC_ERROR_TEXT = 'Expected a function',
+      INVALID_TEMPL_VAR_ERROR_TEXT = 'Invalid `variable` option passed into `_.template`';
 
   /** Used to stand-in for `undefined` hash values. */
   var HASH_UNDEFINED = '__lodash_hash_undefined__';
@@ -6161,10 +6219,11 @@ Request.prototype.clone = function() {
   var reRegExpChar = /[\\^$.*+?()[\]{}|]/g,
       reHasRegExpChar = RegExp(reRegExpChar.source);
 
-  /** Used to match leading and trailing whitespace. */
-  var reTrim = /^\s+|\s+$/g,
-      reTrimStart = /^\s+/,
-      reTrimEnd = /\s+$/;
+  /** Used to match leading whitespace. */
+  var reTrimStart = /^\s+/;
+
+  /** Used to match a single whitespace character. */
+  var reWhitespace = /\s/;
 
   /** Used to match wrap detail comments. */
   var reWrapComment = /\{(?:\n\/\* \[wrapped with .+\] \*\/)?\n?/,
@@ -6174,6 +6233,18 @@ Request.prototype.clone = function() {
   /** Used to match words composed of alphanumeric characters. */
   var reAsciiWord = /[^\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/g;
 
+  /**
+   * Used to validate the `validate` option in `_.template` variable.
+   *
+   * Forbids characters which could potentially change the meaning of the function argument definition:
+   * - "()," (modification of function parameters)
+   * - "=" (default value)
+   * - "[]{}" (destructuring of function parameters)
+   * - "/" (beginning of a comment)
+   * - whitespace
+   */
+  var reForbiddenIdentifierChars = /[()=,{}\[\]\/\s]/;
+
   /** Used to match backslashes in property paths. */
   var reEscapeChar = /\\(\\)?/g;
 
@@ -7002,6 +7073,19 @@ Request.prototype.clone = function() {
     });
   }
 
+  /**
+   * The base implementation of `_.trim`.
+   *
+   * @private
+   * @param {string} string The string to trim.
+   * @returns {string} Returns the trimmed string.
+   */
+  function baseTrim(string) {
+    return string
+      ? string.slice(0, trimmedEndIndex(string) + 1).replace(reTrimStart, '')
+      : string;
+  }
+
   /**
    * The base implementation of `_.unary` without support for storing metadata.
    *
@@ -7335,6 +7419,21 @@ Request.prototype.clone = function() {
       : asciiToArray(string);
   }
 
+  /**
+   * Used by `_.trim` and `_.trimEnd` to get the index of the last non-whitespace
+   * character of `string`.
+   *
+   * @private
+   * @param {string} string The string to inspect.
+   * @returns {number} Returns the index of the last non-whitespace character.
+   */
+  function trimmedEndIndex(string) {
+    var index = string.length;
+
+    while (index-- && reWhitespace.test(string.charAt(index))) {}
+    return index;
+  }
+
   /**
    * Used by `_.unescape` to convert HTML entities to characters.
    *
@@ -9728,8 +9827,21 @@ Request.prototype.clone = function() {
      * @returns {Array} Returns the new sorted array.
      */
     function baseOrderBy(collection, iteratees, orders) {
+      if (iteratees.length) {
+        iteratees = arrayMap(iteratees, function(iteratee) {
+          if (isArray(iteratee)) {
+            return function(value) {
+              return baseGet(value, iteratee.length === 1 ? iteratee[0] : iteratee);
+            }
+          }
+          return iteratee;
+        });
+      } else {
+        iteratees = [identity];
+      }
+
       var index = -1;
-      iteratees = arrayMap(iteratees.length ? iteratees : [identity], baseUnary(getIteratee()));
+      iteratees = arrayMap(iteratees, baseUnary(getIteratee()));
 
       var result = baseMap(collection, function(value, key, collection) {
         var criteria = arrayMap(iteratees, function(iteratee) {
@@ -9986,6 +10098,10 @@ Request.prototype.clone = function() {
         var key = toKey(path[index]),
             newValue = value;
 
+        if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
+          return object;
+        }
+
         if (index != lastIndex) {
           var objValue = nested[key];
           newValue = customizer ? customizer(objValue, key, nested) : undefined;
@@ -10138,11 +10254,14 @@ Request.prototype.clone = function() {
      *  into `array`.
      */
     function baseSortedIndexBy(array, value, iteratee, retHighest) {
-      value = iteratee(value);
-
       var low = 0,
-          high = array == null ? 0 : array.length,
-          valIsNaN = value !== value,
+          high = array == null ? 0 : array.length;
+      if (high === 0) {
+        return 0;
+      }
+
+      value = iteratee(value);
+      var valIsNaN = value !== value,
           valIsNull = value === null,
           valIsSymbol = isSymbol(value),
           valIsUndefined = value === undefined;
@@ -11627,10 +11746,11 @@ Request.prototype.clone = function() {
       if (arrLength != othLength && !(isPartial && othLength > arrLength)) {
         return false;
       }
-      // Assume cyclic values are equal.
-      var stacked = stack.get(array);
-      if (stacked && stack.get(other)) {
-        return stacked == other;
+      // Check that cyclic values are equal.
+      var arrStacked = stack.get(array);
+      var othStacked = stack.get(other);
+      if (arrStacked && othStacked) {
+        return arrStacked == other && othStacked == array;
       }
       var index = -1,
           result = true,
@@ -11792,10 +11912,11 @@ Request.prototype.clone = function() {
           return false;
         }
       }
-      // Assume cyclic values are equal.
-      var stacked = stack.get(object);
-      if (stacked && stack.get(other)) {
-        return stacked == other;
+      // Check that cyclic values are equal.
+      var objStacked = stack.get(object);
+      var othStacked = stack.get(other);
+      if (objStacked && othStacked) {
+        return objStacked == other && othStacked == object;
       }
       var result = true;
       stack.set(object, other);
@@ -15176,6 +15297,10 @@ Request.prototype.clone = function() {
      * // The `_.property` iteratee shorthand.
      * _.filter(users, 'active');
      * // => objects for ['barney']
+     *
+     * // Combining several predicates using `_.overEvery` or `_.overSome`.
+     * _.filter(users, _.overSome([{ 'age': 36 }, ['age', 40]]));
+     * // => objects for ['fred', 'barney']
      */
     function filter(collection, predicate) {
       var func = isArray(collection) ? arrayFilter : baseFilter;
@@ -15925,15 +16050,15 @@ Request.prototype.clone = function() {
      * var users = [
      *   { 'user': 'fred',   'age': 48 },
      *   { 'user': 'barney', 'age': 36 },
-     *   { 'user': 'fred',   'age': 40 },
+     *   { 'user': 'fred',   'age': 30 },
      *   { 'user': 'barney', 'age': 34 }
      * ];
      *
      * _.sortBy(users, [function(o) { return o.user; }]);
-     * // => objects for [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 40]]
+     * // => objects for [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 30]]
      *
      * _.sortBy(users, ['user', 'age']);
-     * // => objects for [['barney', 34], ['barney', 36], ['fred', 40], ['fred', 48]]
+     * // => objects for [['barney', 34], ['barney', 36], ['fred', 30], ['fred', 48]]
      */
     var sortBy = baseRest(function(collection, iteratees) {
       if (collection == null) {
@@ -18477,7 +18602,7 @@ Request.prototype.clone = function() {
       if (typeof value != 'string') {
         return value === 0 ? value : +value;
       }
-      value = value.replace(reTrim, '');
+      value = baseTrim(value);
       var isBinary = reIsBinary.test(value);
       return (isBinary || reIsOctal.test(value))
         ? freeParseInt(value.slice(2), isBinary ? 2 : 8)
@@ -20808,11 +20933,11 @@ Request.prototype.clone = function() {
 
       // Use a sourceURL for easier debugging.
       // The sourceURL gets injected into the source that's eval-ed, so be careful
-      // with lookup (in case of e.g. prototype pollution), and strip newlines if any.
-      // A newline wouldn't be a valid sourceURL anyway, and it'd enable code injection.
+      // to normalize all kinds of whitespace, so e.g. newlines (and unicode versions of it) can't sneak in
+      // and escape the comment, thus injecting code that gets evaled.
       var sourceURL = '//# sourceURL=' +
         (hasOwnProperty.call(options, 'sourceURL')
-          ? (options.sourceURL + '').replace(/[\r\n]/g, ' ')
+          ? (options.sourceURL + '').replace(/\s/g, ' ')
           : ('lodash.templateSources[' + (++templateCounter) + ']')
         ) + '\n';
 
@@ -20845,12 +20970,16 @@ Request.prototype.clone = function() {
 
       // If `variable` is not specified wrap a with-statement around the generated
       // code to add the data object to the top of the scope chain.
-      // Like with sourceURL, we take care to not check the option's prototype,
-      // as this configuration is a code injection vector.
       var variable = hasOwnProperty.call(options, 'variable') && options.variable;
       if (!variable) {
         source = 'with (obj) {\n' + source + '\n}\n';
       }
+      // Throw an error if a forbidden character was found in `variable`, to prevent
+      // potential command injection attacks.
+      else if (reForbiddenIdentifierChars.test(variable)) {
+        throw new Error(INVALID_TEMPL_VAR_ERROR_TEXT);
+      }
+
       // Cleanup code by stripping empty strings.
       source = (isEvaluating ? source.replace(reEmptyStringLeading, '') : source)
         .replace(reEmptyStringMiddle, '$1')
@@ -20964,7 +21093,7 @@ Request.prototype.clone = function() {
     function trim(string, chars, guard) {
       string = toString(string);
       if (string && (guard || chars === undefined)) {
-        return string.replace(reTrim, '');
+        return baseTrim(string);
       }
       if (!string || !(chars = baseToString(chars))) {
         return string;
@@ -20999,7 +21128,7 @@ Request.prototype.clone = function() {
     function trimEnd(string, chars, guard) {
       string = toString(string);
       if (string && (guard || chars === undefined)) {
-        return string.replace(reTrimEnd, '');
+        return string.slice(0, trimmedEndIndex(string) + 1);
       }
       if (!string || !(chars = baseToString(chars))) {
         return string;
@@ -21553,6 +21682,9 @@ Request.prototype.clone = function() {
      * values against any array or object value, respectively. See `_.isEqual`
      * for a list of supported value comparisons.
      *
+     * **Note:** Multiple values can be checked by combining several matchers
+     * using `_.overSome`
+     *
      * @static
      * @memberOf _
      * @since 3.0.0
@@ -21568,6 +21700,10 @@ Request.prototype.clone = function() {
      *
      * _.filter(objects, _.matches({ 'a': 4, 'c': 6 }));
      * // => [{ 'a': 4, 'b': 5, 'c': 6 }]
+     *
+     * // Checking for several possible values
+     * _.filter(objects, _.overSome([_.matches({ 'a': 1 }), _.matches({ 'a': 4 })]));
+     * // => [{ 'a': 1, 'b': 2, 'c': 3 }, { 'a': 4, 'b': 5, 'c': 6 }]
      */
     function matches(source) {
       return baseMatches(baseClone(source, CLONE_DEEP_FLAG));
@@ -21582,6 +21718,9 @@ Request.prototype.clone = function() {
      * `srcValue` values against any array or object value, respectively. See
      * `_.isEqual` for a list of supported value comparisons.
      *
+     * **Note:** Multiple values can be checked by combining several matchers
+     * using `_.overSome`
+     *
      * @static
      * @memberOf _
      * @since 3.2.0
@@ -21598,6 +21737,10 @@ Request.prototype.clone = function() {
      *
      * _.find(objects, _.matchesProperty('a', 4));
      * // => { 'a': 4, 'b': 5, 'c': 6 }
+     *
+     * // Checking for several possible values
+     * _.filter(objects, _.overSome([_.matchesProperty('a', 1), _.matchesProperty('a', 4)]));
+     * // => [{ 'a': 1, 'b': 2, 'c': 3 }, { 'a': 4, 'b': 5, 'c': 6 }]
      */
     function matchesProperty(path, srcValue) {
       return baseMatchesProperty(path, baseClone(srcValue, CLONE_DEEP_FLAG));
@@ -21821,6 +21964,10 @@ Request.prototype.clone = function() {
      * Creates a function that checks if **all** of the `predicates` return
      * truthy when invoked with the arguments it receives.
      *
+     * Following shorthands are possible for providing predicates.
+     * Pass an `Object` and it will be used as an parameter for `_.matches` to create the predicate.
+     * Pass an `Array` of parameters for `_.matchesProperty` and the predicate will be created using them.
+     *
      * @static
      * @memberOf _
      * @since 4.0.0
@@ -21847,6 +21994,10 @@ Request.prototype.clone = function() {
      * Creates a function that checks if **any** of the `predicates` return
      * truthy when invoked with the arguments it receives.
      *
+     * Following shorthands are possible for providing predicates.
+     * Pass an `Object` and it will be used as an parameter for `_.matches` to create the predicate.
+     * Pass an `Array` of parameters for `_.matchesProperty` and the predicate will be created using them.
+     *
      * @static
      * @memberOf _
      * @since 4.0.0
@@ -21866,6 +22017,9 @@ Request.prototype.clone = function() {
      *
      * func(NaN);
      * // => false
+     *
+     * var matchesFunc = _.overSome([{ 'a': 1 }, { 'a': 2 }])
+     * var matchesPropertyFunc = _.overSome([['a', 1], ['a', 2]])
      */
     var overSome = createOver(arraySome);
 
@@ -27465,29 +27619,6 @@ module.exports = once;
 
 "use strict";
 
-Object.defineProperty(exports, "__esModule", { value: true });
-class GenericError extends Error {
-    constructor(message = "Unknown Error", statusCode = 500) {
-        super(message);
-        this.statusCode = statusCode;
-    }
-    toData() {
-        return {
-            isError: true,
-            errorCode: this.statusCode,
-            errorMessage: this.message
-        };
-    }
-}
-exports.default = GenericError;
-//# sourceMappingURL=GenericError.js.map
-
-/***/ }),
-/* 80 */
-/***/ (function(module, exports, __webpack_require__) {
-
-"use strict";
-
 Object.defineProperty(exports, "__esModule", { value: true });
 function addTrailingSlash(url) {
     if (!url) {
@@ -27504,13 +27635,13 @@ exports.default = addTrailingSlash;
 //# sourceMappingURL=addTrailingSlash.js.map
 
 /***/ }),
-/* 81 */
+/* 80 */
 /***/ (function(module, exports, __webpack_require__) {
 
 var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_DEFINE_RESULT__;/*!
  * URI.js - Mutating URLs
  *
- * Version: 1.19.5
+ * Version: 1.19.11
  *
  * Author: Rodney Rehm
  * Web: http://medialize.github.io/URI.js/
@@ -27590,7 +27721,7 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
     return /^[0-9]+$/.test(value);
   }
 
-  URI.version = '1.19.5';
+  URI.version = '1.19.11';
 
   var p = URI.prototype;
   var hasOwn = Object.prototype.hasOwnProperty;
@@ -27748,6 +27879,9 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
     // balanced parens inclusion (), [], {}, <>
     parens: /(\([^\)]*\)|\[[^\]]*\]|\{[^}]*\}|<[^>]*>)/g,
   };
+  URI.leading_whitespace_expression = /^[\x00-\x20\u00a0\u1680\u2000-\u200a\u2028\u2029\u202f\u205f\u3000\ufeff]+/
+  // https://infra.spec.whatwg.org/#ascii-tab-or-newline
+  URI.ascii_tab_whitespace = /[\u0009\u000A\u000D]+/g
   // http://www.iana.org/assignments/uri-schemes.html
   // http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports
   URI.defaultPorts = {
@@ -28003,6 +28137,11 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
         preventInvalidHostname: URI.preventInvalidHostname
       };
     }
+
+    string = string.replace(URI.leading_whitespace_expression, '')
+    // https://infra.spec.whatwg.org/#ascii-tab-or-newline
+    string = string.replace(URI.ascii_tab_whitespace, '')
+
     // [protocol"://"[username[":"password]"@"]hostname[":"port]"/"?][path]["?"querystring]["#"fragment]
 
     // extract fragment
@@ -28021,6 +28160,11 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
       string = string.substring(0, pos);
     }
 
+    // slashes and backslashes have lost all meaning for the web protocols (https, http, wss, ws)
+    string = string.replace(/^(https?|ftp|wss?)?:+[/\\]*/i, '$1://');
+    // slashes and backslashes have lost all meaning for scheme relative URLs
+    string = string.replace(/^[/\\]{2,}/i, '//');
+
     // extract protocol
     if (string.substring(0, 2) === '//') {
       // relative-scheme
@@ -28035,7 +28179,7 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
         if (parts.protocol && !parts.protocol.match(URI.protocol_expression)) {
           // : may be within the path
           parts.protocol = undefined;
-        } else if (string.substring(pos + 1, pos + 3) === '//') {
+        } else if (string.substring(pos + 1, pos + 3).replace(/\\/g, '/') === '//') {
           string = string.substring(pos + 3);
 
           // extract "user:pass@host:port"
@@ -28167,7 +28311,10 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
       // no "=" is null according to http://dvcs.w3.org/hg/url/raw-file/tip/Overview.html#collect-url-parameters
       value = v.length ? URI.decodeQuery(v.join('='), escapeQuerySpace) : null;
 
-      if (hasOwn.call(items, name)) {
+      if (name === '__proto__') {
+        // ignore attempt at exploiting JavaScript internals
+        continue;
+      } else if (hasOwn.call(items, name)) {
         if (typeof items[name] === 'string' || items[name] === null) {
           items[name] = [items[name]];
         }
@@ -28260,7 +28407,10 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
     var t = '';
     var unique, key, i, length;
     for (key in data) {
-      if (hasOwn.call(data, key)) {
+      if (key === '__proto__') {
+        // ignore attempt at exploiting JavaScript internals
+        continue;
+      } else if (hasOwn.call(data, key)) {
         if (isArray(data[key])) {
           unique = {};
           for (i = 0, length = data[key].length; i < length; i++) {
@@ -29854,6 +30004,41 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
 }));
 
 
+/***/ }),
+/* 81 */
+/***/ (function(module, exports, __webpack_require__) {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", { value: true });
+class ServerError extends Error {
+    constructor(message = "Unknown Error", statusCode = 500) {
+        super(message);
+        this.statusCode = statusCode;
+    }
+    toData() {
+        return {
+            isError: true,
+            errorCode: this.statusCode,
+            errorMessage: this.message
+        };
+    }
+}
+exports.default = ServerError;
+//# sourceMappingURL=ServerError.js.map
+
+/***/ }),
+/* 82 */
+/***/ (function(module, exports, __webpack_require__) {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", { value: true });
+const uuidRegEx = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+const isUuid = (id) => typeof id === "string" && uuidRegEx.test(id);
+exports.default = isUuid;
+//# sourceMappingURL=isUuid.js.map
+
 /***/ })
 /******/ ]);
 });

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@magda/auth-api-client",
   "description": "MAGDA Auth API Client",
-  "version": "2.0.0-alpha.0",
+  "version": "2.0.0-alpha.3",
   "scripts": {
     "prebuild": "rimraf dist tsconfig.tsbuildinfo",
     "build": "webpack && api-extractor run -l",
@@ -12,7 +12,7 @@
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "devDependencies": {
-    "@magda/typescript-common": "^2.0.0-alpha.0",
+    "@magda/typescript-common": "^2.0.0-alpha.3",
     "@microsoft/api-extractor": "^7.7.8",
     "ts-loader": "^6.2.1",
     "typescript": "^3.7.2",