@micha.bigler/ui-core-micha 1.2.2 → 1.2.4

package/dist/auth/authApi.js

@@ -1,6 +1,8 @@
 import axios from 'axios';
 import { HEADLESS_BASE, USERS_BASE, ACCESS_CODES_BASE } from './authConfig';
-// Helper to normalise error messages from API responses
+// -----------------------------
+// Error helper
+// -----------------------------
 function extractErrorMessage(error) {
     var _a;
     const data = (_a = error.response) === null || _a === void 0 ? void 0 : _a.data;
@@ -15,13 +17,19 @@ function extractErrorMessage(error) {
     }
     return 'An error occurred. Please try again.';
 }
-// Helper to get CSRF token from cookies manually
+// -----------------------------
+// CSRF helper
+// -----------------------------
 function getCsrfToken() {
-    if (!document.cookie)
+    if (typeof document === 'undefined' || !document.cookie) {
         return null;
+    }
     const match = document.cookie.match(/csrftoken=([^;]+)/);
     return match ? match[1] : null;
 }
+// -----------------------------
+// WebAuthn capability helpers
+// -----------------------------
 const hasJsonWebAuthn = typeof window !== 'undefined' &&
     typeof window.PublicKeyCredential !== 'undefined' &&
     typeof window.PublicKeyCredential.parseCreationOptionsFromJSON === 'function' &&
@@ -34,49 +42,39 @@ function ensureWebAuthnSupport() {
         throw new Error('Passkeys are not supported in this browser.');
     }
 }
-/**
- * Fetches the current authenticated user from your own User API.
- */
+// -----------------------------
+// User-related helpers
+// -----------------------------
 export async function fetchCurrentUser() {
     const res = await axios.get(`${USERS_BASE}/current/`, {
         withCredentials: true,
     });
     return res.data;
 }
-/**
- * Updates the user profile fields.
- */
 export async function updateUserProfile(data) {
     const res = await axios.patch(`${USERS_BASE}/current/`, data, {
         withCredentials: true,
     });
     return res.data;
 }
-/**
- * Logs a user in using email/password via allauth headless.
- */
+// -----------------------------
+// Authentication: password
+// -----------------------------
 export async function loginWithPassword(email, password) {
     try {
-        await axios.post(`${HEADLESS_BASE}/auth/login`, {
-            email,
-            password,
-        }, { withCredentials: true });
+        await axios.post(`${HEADLESS_BASE}/auth/login`, { email, password }, { withCredentials: true });
     }
     catch (error) {
         if (error.response && error.response.status === 409) {
-            // User is already logged in, continue and fetch current user
+            // Already logged in: continue and fetch current user
         }
         else {
             throw new Error(extractErrorMessage(error));
         }
     }
     const user = await fetchCurrentUser();
-    // Normalise return shape so callers always get { user }
     return { user };
 }
-/**
- * Requests a password reset email via allauth headless.
- */
 export async function requestPasswordReset(email) {
     try {
         await axios.post(`${USERS_BASE}/reset-request/`, { email }, { withCredentials: true });
@@ -85,23 +83,15 @@ export async function requestPasswordReset(email) {
         throw new Error(extractErrorMessage(error));
     }
 }
-/**
- * Sets a new password using a reset key (from email link).
- */
+// (Falls du es noch brauchst: klassischer allauth-Key-Flow)
 export async function resetPasswordWithKey(key, newPassword) {
     try {
-        await axios.post(`${HEADLESS_BASE}/auth/password/reset/key`, {
-            key,
-            password: newPassword,
-        }, { withCredentials: true });
+        await axios.post(`${HEADLESS_BASE}/auth/password/reset/key`, { key, password: newPassword }, { withCredentials: true });
     }
     catch (error) {
         throw new Error(extractErrorMessage(error));
     }
 }
-/**
- * Changes the password for an authenticated user.
- */
 export async function changePassword(currentPassword, newPassword) {
     try {
         await axios.post(`${HEADLESS_BASE}/account/password/change`, {
@@ -113,9 +103,9 @@ export async function changePassword(currentPassword, newPassword) {
         throw new Error(extractErrorMessage(error));
     }
 }
-/**
- * Logs the user out via allauth headless.
- */
+// -----------------------------
+// Logout / Session
+// -----------------------------
 export async function logoutSession() {
     try {
         const headers = {};
@@ -130,39 +120,36 @@ export async function logoutSession() {
     }
     catch (error) {
         if (error.response && [401, 404, 410].includes(error.response.status)) {
+            // Session already gone, nothing to do
             return;
         }
         // eslint-disable-next-line no-console
         console.error('Logout error:', error);
     }
 }
-/**
- * Starts an OAuth social login flow for the given provider.
- * Provider examples: "google", "microsoft".
- * * FIX:
- * 1. Uses POST instead of GET (standard for headless init flows).
- * 2. Uses the correct path '/providers/{provider}/login'.
- */
+export async function fetchHeadlessSession() {
+    const res = await axios.get(`${HEADLESS_BASE}/auth/session`, {
+        withCredentials: true,
+    });
+    return res.data;
+}
+// -----------------------------
+// Social login
+// -----------------------------
 export function startSocialLogin(provider) {
-    // Basic safety check to avoid runtime errors in non-browser environments
     if (typeof window === 'undefined') {
         throw new Error('Social login is only available in a browser environment.');
     }
+    // Classic allauth HTML flow
     window.location.href = `/accounts/${provider}/login/?process=login`;
 }
-/**
- * Prüft, ob ein Access-Code gültig ist.
- * Erwartet: POST /api/access-codes/validate/ { code }
- * Antwort: { valid: true/false } oder 400 mit detail-Fehler.
- */
+// -----------------------------
+// Invitation / access code
+// -----------------------------
 export async function validateAccessCode(code) {
     const res = await axios.post(`${ACCESS_CODES_BASE}/validate/`, { code }, { withCredentials: true });
-    return res.data; // { valid: bool } oder Error
+    return res.data;
 }
-/**
- * Fordert eine Einladung mit optionalem Access-Code an.
- * Backend prüft den Code noch einmal serverseitig.
- */
 export async function requestInviteWithCode(email, accessCode) {
     const payload = { email };
     if (accessCode) {
@@ -171,15 +158,9 @@ export async function requestInviteWithCode(email, accessCode) {
     const res = await axios.post(`${USERS_BASE}/invite/`, payload, { withCredentials: true });
     return res.data;
 }
-/**
- * Loads the current session information directly from allauth headless.
- */
-export async function fetchHeadlessSession() {
-    const res = await axios.get(`${HEADLESS_BASE}/auth/session`, {
-        withCredentials: true,
-    });
-    return res.data;
-}
+// -----------------------------
+// Custom password-reset via uid/token
+// -----------------------------
 export async function verifyResetToken(uid, token) {
     const res = await axios.get(`${USERS_BASE}/password-reset/${uid}/${token}/`, { withCredentials: true });
     return res.data;
@@ -188,16 +169,23 @@ export async function setNewPassword(uid, token, newPassword) {
     const res = await axios.post(`${USERS_BASE}/password-reset/${uid}/${token}/`, { new_password: newPassword }, { withCredentials: true });
     return res.data;
 }
-// Start: Optionen für Credential-Erzeugung holen
+// -----------------------------
+// WebAuthn / Passkeys: register
+// -----------------------------
 async function registerPasskeyStart({ passwordless = true } = {}) {
     ensureWebAuthnSupport();
     const res = await axios.get(`${HEADLESS_BASE}/account/authenticators/webauthn`, {
         params: passwordless ? { passwordless: true } : {},
         withCredentials: true,
     });
-    return res.data; // JSON-Options vom Server
+    const data = res.data || {};
+    // allauth.headless: { creation_options: { publicKey: { ... } } }
+    // Wir wollen am Ende den INNEREN publicKey-Block haben:
+    const publicKeyJson = (data.creation_options && data.creation_options.publicKey) ||
+        data.publicKey ||
+        data;
+    return publicKeyJson;
 }
-// Complete: Credential an Server schicken
 async function registerPasskeyComplete(credentialJson, name = 'Passkey') {
     const res = await axios.post(`${HEADLESS_BASE}/account/authenticators/webauthn`, {
         credential: credentialJson,
@@ -205,22 +193,22 @@ async function registerPasskeyComplete(credentialJson, name = 'Passkey') {
     }, { withCredentials: true });
     return res.data;
 }
-// High-level Helper, den das UI aufruft
 export async function registerPasskey(name = 'Passkey') {
     ensureWebAuthnSupport();
     if (!hasJsonWebAuthn) {
         throw new Error('Passkey JSON helpers are not available in this browser.');
     }
-    const optionsJson = await registerPasskeyStart({ passwordless: true });
+    // Hier bekommst du bereits den inneren publicKey-Block mit challenge etc.
+    const publicKeyJson = await registerPasskeyStart({ passwordless: true });
     let credential;
     try {
-        const publicKeyOptions = window.PublicKeyCredential.parseCreationOptionsFromJSON(optionsJson);
+        // publicKeyJson hat challenge auf Top-Level
+        const publicKeyOptions = window.PublicKeyCredential.parseCreationOptionsFromJSON(publicKeyJson);
         credential = await navigator.credentials.create({
             publicKey: publicKeyOptions,
         });
     }
     catch (err) {
-        // Typischer Fall: User klickt "Abbrechen"
         if (err && err.name === 'NotAllowedError') {
             throw new Error('Passkey creation was cancelled by the user.');
         }
@@ -232,32 +220,38 @@ export async function registerPasskey(name = 'Passkey') {
     const credentialJson = credential.toJSON();
     return registerPasskeyComplete(credentialJson, name);
 }
+// -----------------------------
+// WebAuthn / Passkeys: login
+// -----------------------------
 async function loginWithPasskeyStart() {
     ensureWebAuthnSupport();
     const res = await axios.get(`${HEADLESS_BASE}/auth/webauthn/login`, { withCredentials: true });
-    return res.data;
+    const data = res.data || {};
+    // allauth.headless: { request_options: { publicKey: { ... } } }
+    const requestOptionsJson = (data.request_options && data.request_options.publicKey) ||
+        data.request_options ||
+        data;
+    return requestOptionsJson;
 }
 async function loginWithPasskeyComplete(credentialJson) {
     const res = await axios.post(`${HEADLESS_BASE}/auth/webauthn/login`, { credential: credentialJson }, { withCredentials: true });
     return res.data;
 }
-// Public API, die du im UI verwendest
 export async function loginWithPasskey() {
     ensureWebAuthnSupport();
     if (!hasJsonWebAuthn) {
         throw new Error('Passkey JSON helpers are not available in this browser.');
     }
-    const optionsJson = await loginWithPasskeyStart();
+    const requestOptionsJson = await loginWithPasskeyStart();
     let assertion;
     try {
-        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
+        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptionsJson);
         assertion = await navigator.credentials.get({
             publicKey: publicKeyOptions,
         });
     }
     catch (err) {
         if (err && err.name === 'NotAllowedError') {
-            // User hat abgebrochen oder Timeout
             throw new Error('Passkey authentication was cancelled by the user.');
         }
         throw err;
@@ -271,13 +265,12 @@ export async function loginWithPasskey() {
         await loginWithPasskeyComplete(credentialJson);
     }
     catch (err) {
-        // z.B. 401, obwohl das Credential eigentlich ok war
+        // For example 401 although credential looked fine
         postError = err;
     }
-    // Versuchen, die aktuelle Session zu laden
     try {
         const user = await fetchCurrentUser();
-        return { user }; // <--- wie loginWithPassword
+        return { user };
     }
     catch (err) {
         if (postError) {
@@ -286,6 +279,9 @@ export async function loginWithPasskey() {
         throw new Error(extractErrorMessage(err));
     }
 }
+// -----------------------------
+// Aggregated API object
+// -----------------------------
 export const authApi = {
     fetchCurrentUser,
     updateUserProfile,
@@ -302,3 +298,4 @@ export const authApi = {
     validateAccessCode,
     requestInviteWithCode,
 };
+export default authApi;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@micha.bigler/ui-core-micha",
-  "version": "1.2.2",
+  "version": "1.2.4",
   "main": "dist/index.js",
   "module": "dist/index.js",
   "private": false,

package/src/auth/authApi.jsx

@@ -1,7 +1,9 @@
 import axios from 'axios';
-import { HEADLESS_BASE, USERS_BASE, ACCESS_CODES_BASE } from './authConfig'; 
+import { HEADLESS_BASE, USERS_BASE, ACCESS_CODES_BASE } from './authConfig';
 
-// Helper to normalise error messages from API responses
+// -----------------------------
+// Error helper
+// -----------------------------
 function extractErrorMessage(error) {
   const data = error.response?.data;
   if (!data) {
@@ -16,13 +18,20 @@ function extractErrorMessage(error) {
   return 'An error occurred. Please try again.';
 }
 
-// Helper to get CSRF token from cookies manually
+// -----------------------------
+// CSRF helper
+// -----------------------------
 function getCsrfToken() {
-  if (!document.cookie) return null;
+  if (typeof document === 'undefined' || !document.cookie) {
+    return null;
+  }
   const match = document.cookie.match(/csrftoken=([^;]+)/);
   return match ? match[1] : null;
 }
 
+// -----------------------------
+// WebAuthn capability helpers
+// -----------------------------
 const hasJsonWebAuthn =
   typeof window !== 'undefined' &&
   typeof window.PublicKeyCredential !== 'undefined' &&
@@ -40,9 +49,9 @@ function ensureWebAuthnSupport() {
   }
 }
 
-/**
- * Fetches the current authenticated user from your own User API.
- */
+// -----------------------------
+// User-related helpers
+// -----------------------------
 export async function fetchCurrentUser() {
   const res = await axios.get(`${USERS_BASE}/current/`, {
     withCredentials: true,
@@ -50,9 +59,6 @@ export async function fetchCurrentUser() {
   return res.data;
 }
 
-/**
- * Updates the user profile fields.
- */
 export async function updateUserProfile(data) {
   const res = await axios.patch(`${USERS_BASE}/current/`, data, {
     withCredentials: true,
@@ -60,35 +66,28 @@ export async function updateUserProfile(data) {
   return res.data;
 }
 
-/**
- * Logs a user in using email/password via allauth headless.
- */
+// -----------------------------
+// Authentication: password
+// -----------------------------
 export async function loginWithPassword(email, password) {
   try {
     await axios.post(
       `${HEADLESS_BASE}/auth/login`,
-      {
-        email,
-        password,
-      },
+      { email, password },
       { withCredentials: true },
     );
   } catch (error) {
     if (error.response && error.response.status === 409) {
-      // User is already logged in, continue and fetch current user
+      // Already logged in: continue and fetch current user
     } else {
       throw new Error(extractErrorMessage(error));
     }
   }
 
   const user = await fetchCurrentUser();
-  // Normalise return shape so callers always get { user }
   return { user };
 }
 
-/**
- * Requests a password reset email via allauth headless.
- */
 export async function requestPasswordReset(email) {
   try {
     await axios.post(
@@ -101,17 +100,12 @@ export async function requestPasswordReset(email) {
   }
 }
 
-/**
- * Sets a new password using a reset key (from email link).
- */
+// (Falls du es noch brauchst: klassischer allauth-Key-Flow)
 export async function resetPasswordWithKey(key, newPassword) {
   try {
     await axios.post(
       `${HEADLESS_BASE}/auth/password/reset/key`,
-      {
-        key,
-        password: newPassword,
-      },
+      { key, password: newPassword },
       { withCredentials: true },
     );
   } catch (error) {
@@ -119,9 +113,6 @@ export async function resetPasswordWithKey(key, newPassword) {
   }
 }
 
-/**
- * Changes the password for an authenticated user.
- */
 export async function changePassword(currentPassword, newPassword) {
   try {
     await axios.post(
@@ -137,9 +128,9 @@ export async function changePassword(currentPassword, newPassword) {
   }
 }
 
-/**
- * Logs the user out via allauth headless.
- */
+// -----------------------------
+// Logout / Session
+// -----------------------------
 export async function logoutSession() {
   try {
     const headers = {};
@@ -150,13 +141,14 @@ export async function logoutSession() {
 
     await axios.delete(
       `${HEADLESS_BASE}/auth/session`,
-      { 
+      {
         withCredentials: true,
-        headers, 
+        headers,
       },
     );
   } catch (error) {
     if (error.response && [401, 404, 410].includes(error.response.status)) {
+      // Session already gone, nothing to do
       return;
     }
     // eslint-disable-next-line no-console
@@ -164,40 +156,37 @@ export async function logoutSession() {
   }
 }
 
-/**
- * Starts an OAuth social login flow for the given provider.
- * Provider examples: "google", "microsoft".
- * * FIX:
- * 1. Uses POST instead of GET (standard for headless init flows).
- * 2. Uses the correct path '/providers/{provider}/login'.
- */
+export async function fetchHeadlessSession() {
+  const res = await axios.get(`${HEADLESS_BASE}/auth/session`, {
+    withCredentials: true,
+  });
+  return res.data;
+}
+
+// -----------------------------
+// Social login
+// -----------------------------
 export function startSocialLogin(provider) {
-  // Basic safety check to avoid runtime errors in non-browser environments
   if (typeof window === 'undefined') {
     throw new Error('Social login is only available in a browser environment.');
   }
 
+  // Classic allauth HTML flow
   window.location.href = `/accounts/${provider}/login/?process=login`;
 }
 
-/**
- * Prüft, ob ein Access-Code gültig ist.
- * Erwartet: POST /api/access-codes/validate/ { code }
- * Antwort: { valid: true/false } oder 400 mit detail-Fehler.
- */
+// -----------------------------
+// Invitation / access code
+// -----------------------------
 export async function validateAccessCode(code) {
   const res = await axios.post(
     `${ACCESS_CODES_BASE}/validate/`,
     { code },
     { withCredentials: true },
   );
-  return res.data; // { valid: bool } oder Error
+  return res.data;
 }
 
-/**
- * Fordert eine Einladung mit optionalem Access-Code an.
- * Backend prüft den Code noch einmal serverseitig.
- */
 export async function requestInviteWithCode(email, accessCode) {
   const payload = { email };
   if (accessCode) {
@@ -212,19 +201,9 @@ export async function requestInviteWithCode(email, accessCode) {
   return res.data;
 }
 
-
-/**
- * Loads the current session information directly from allauth headless.
- */
-export async function fetchHeadlessSession() {
-  const res = await axios.get(`${HEADLESS_BASE}/auth/session`, {
-    withCredentials: true,
-  });
-  return res.data;
-}
-
-
-
+// -----------------------------
+// Custom password-reset via uid/token
+// -----------------------------
 export async function verifyResetToken(uid, token) {
   const res = await axios.get(
     `${USERS_BASE}/password-reset/${uid}/${token}/`,
@@ -242,7 +221,9 @@ export async function setNewPassword(uid, token, newPassword) {
   return res.data;
 }
 
-// Start: Optionen für Credential-Erzeugung holen
+// -----------------------------
+// WebAuthn / Passkeys: register
+// -----------------------------
 async function registerPasskeyStart({ passwordless = true } = {}) {
   ensureWebAuthnSupport();
 
@@ -253,10 +234,19 @@ async function registerPasskeyStart({ passwordless = true } = {}) {
       withCredentials: true,
     },
   );
-  return res.data; // JSON-Options vom Server
+
+  const data = res.data || {};
+
+  // allauth.headless: { creation_options: { publicKey: { ... } } }
+  // Wir wollen am Ende den INNEREN publicKey-Block haben:
+  const publicKeyJson =
+    (data.creation_options && data.creation_options.publicKey) ||
+    data.publicKey ||
+    data;
+
+  return publicKeyJson;
 }
 
-// Complete: Credential an Server schicken
 async function registerPasskeyComplete(credentialJson, name = 'Passkey') {
   const res = await axios.post(
     `${HEADLESS_BASE}/account/authenticators/webauthn`,
@@ -269,7 +259,6 @@ async function registerPasskeyComplete(credentialJson, name = 'Passkey') {
   return res.data;
 }
 
-// High-level Helper, den das UI aufruft
 export async function registerPasskey(name = 'Passkey') {
   ensureWebAuthnSupport();
 
@@ -277,18 +266,19 @@ export async function registerPasskey(name = 'Passkey') {
     throw new Error('Passkey JSON helpers are not available in this browser.');
   }
 
-  const optionsJson = await registerPasskeyStart({ passwordless: true });
+  // Hier bekommst du bereits den inneren publicKey-Block mit challenge etc.
+  const publicKeyJson = await registerPasskeyStart({ passwordless: true });
 
   let credential;
   try {
+    // publicKeyJson hat challenge auf Top-Level
     const publicKeyOptions =
-      window.PublicKeyCredential.parseCreationOptionsFromJSON(optionsJson);
+      window.PublicKeyCredential.parseCreationOptionsFromJSON(publicKeyJson);
 
     credential = await navigator.credentials.create({
       publicKey: publicKeyOptions,
     });
   } catch (err) {
-    // Typischer Fall: User klickt "Abbrechen"
     if (err && err.name === 'NotAllowedError') {
       throw new Error('Passkey creation was cancelled by the user.');
     }
@@ -303,6 +293,9 @@ export async function registerPasskey(name = 'Passkey') {
   return registerPasskeyComplete(credentialJson, name);
 }
 
+// -----------------------------
+// WebAuthn / Passkeys: login
+// -----------------------------
 async function loginWithPasskeyStart() {
   ensureWebAuthnSupport();
 
@@ -310,7 +303,16 @@ async function loginWithPasskeyStart() {
     `${HEADLESS_BASE}/auth/webauthn/login`,
     { withCredentials: true },
   );
-  return res.data;
+
+  const data = res.data || {};
+
+  // allauth.headless: { request_options: { publicKey: { ... } } }
+  const requestOptionsJson =
+    (data.request_options && data.request_options.publicKey) ||
+    data.request_options ||
+    data;
+
+  return requestOptionsJson;
 }
 
 async function loginWithPasskeyComplete(credentialJson) {
@@ -322,7 +324,6 @@ async function loginWithPasskeyComplete(credentialJson) {
   return res.data;
 }
 
-// Public API, die du im UI verwendest
 export async function loginWithPasskey() {
   ensureWebAuthnSupport();
 
@@ -330,19 +331,18 @@ export async function loginWithPasskey() {
     throw new Error('Passkey JSON helpers are not available in this browser.');
   }
 
-  const optionsJson = await loginWithPasskeyStart();
+  const requestOptionsJson = await loginWithPasskeyStart();
 
   let assertion;
   try {
     const publicKeyOptions =
-      window.PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
+      window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptionsJson);
 
     assertion = await navigator.credentials.get({
       publicKey: publicKeyOptions,
     });
   } catch (err) {
     if (err && err.name === 'NotAllowedError') {
-      // User hat abgebrochen oder Timeout
       throw new Error('Passkey authentication was cancelled by the user.');
     }
     throw err;
@@ -358,14 +358,13 @@ export async function loginWithPasskey() {
   try {
     await loginWithPasskeyComplete(credentialJson);
   } catch (err) {
-    // z.B. 401, obwohl das Credential eigentlich ok war
+    // For example 401 although credential looked fine
     postError = err;
   }
 
-  // Versuchen, die aktuelle Session zu laden
   try {
     const user = await fetchCurrentUser();
-    return { user };           // <--- wie loginWithPassword
+    return { user };
   } catch (err) {
     if (postError) {
       throw new Error(extractErrorMessage(postError));
@@ -374,7 +373,9 @@ export async function loginWithPasskey() {
   }
 }
 
-
+// -----------------------------
+// Aggregated API object
+// -----------------------------
 export const authApi = {
   fetchCurrentUser,
   updateUserProfile,
@@ -390,4 +391,6 @@ export const authApi = {
   registerPasskey,
   validateAccessCode,
   requestInviteWithCode,
-};
+};
+
+export default authApi;