@mindline/sync 1.0.41 → 1.0.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/.vs/VSWorkspaceState.json +1 -0
  2. package/.vs/slnx.sqlite +0 -0
  3. package/.vs/sync/FileContentIndex/911a1b8c-031f-400d-b772-24db627d3dab.vsidx +0 -0
  4. package/.vs/sync/v17/.wsuo +0 -0
  5. package/index.d.ts +2 -2
  6. package/index.ts +32 -19
  7. package/package.json +1 -1
  8. package/tasks.ts +1 -1
  9. package/.vs/sync/FileContentIndex/952c1cfb-eca2-4b04-b041-a15b6e311a74.vsidx +0 -0
package/.vs/VSWorkspaceState.json CHANGED
@@ -2,5 +2,6 @@
2
2
  "ExpandedNodes": [
3
3
  ""
4
4
  ],
5
+ "SelectedNode": "\\index.ts",
5
6
  "PreviewInSolutionExplorer": false
6
7
  }
package/.vs/slnx.sqlite CHANGED
Binary file
package/.vs/sync/v17/.wsuo CHANGED
Binary file
package/index.d.ts CHANGED
@@ -104,7 +104,7 @@ declare module "@mindline/sync" {
104
104
  export type TaskType = "initialization" |
105
105
  "authenticate user" |
106
106
  "reload React" |
107
- "PUT access token" |
107
+ "PUT tenant" |
108
108
  "GET tenant details" |
109
109
  "POST config init" |
110
110
  "GET workspaces" |
@@ -221,7 +221,7 @@ declare module "@mindline/sync" {
221
221
  export function groupsGet(instance: IPublicClientApplication, user: User | undefined, groupSearchString: string): Promise<{groups: Group[], error: string}>;
222
222
  export function signIn(user: User, tasks: TaskArray): void;
223
223
  export function signInIncrementally(user: User, scope: string): void;
224
- export function signOut(user: User): void;
224
+ export function signOut(user: User): boolean;
225
225
  export function tenantRelationshipsGetByDomain(loggedInuser: User, tenant: Tenant, instance: IPublicClientApplication, debug: boolean): boolean;
226
226
  export function tenantRelationshipsGetById(user: User, ii: InitInfo, instance: IPublicClientApplication, tasks: TaskArray, debug: boolean): boolean;
227
227
  export function tenantUnauthenticatedLookup(tenant: Tenant, debug: boolean): Promise<boolean>;
package/index.ts CHANGED
@@ -1074,11 +1074,11 @@ export async function groupsGet(instance: IPublicClientApplication, user: User |
1074
1074
  }
1075
1075
  }
1076
1076
  export function signIn(user: User, tasks: TaskArray): void {
1077
+ // SignIn by an admin consents the full set of permissions, unlike Challenge which requires a consented app
1077
1078
  let tenantURL: string = window.location.href;
1078
- tenantURL += "MicrosoftIdentity/Account/Challenge";
1079
+ tenantURL += "MicrosoftIdentity/Account/SignIn";
1079
1080
  let url: URL = new URL(tenantURL);
1080
1081
  url.searchParams.append("redirectUri", window.location.origin);
1081
- url.searchParams.append("scope", "openid offline_access Directory.AccessAsUser.All CrossTenantInformation.ReadBasic.All");
1082
1082
  url.searchParams.append("domainHint", "organizations");
1083
1083
  if (user.oid !== "1") {
1084
1084
  url.searchParams.append("loginHint", user.mail);
@@ -1099,18 +1099,31 @@ export function signInIncrementally(user: User, scope: string): void {
1099
1099
  url.searchParams.append("loginHint", user.mail);
1100
1100
  window.location.assign(url.href);
1101
1101
  }
1102
- export function signOut(user: User): void {
1102
+ export async function signOut(user: User): Promise<boolean>{
1103
1103
  if (user.oid == "1") return;
1104
- // these lines provide more callbacks during logout
1105
- //let tenantURL: string = window.location.href;
1106
- //tenantURL += "MicrosoftIdentity/Account/SignOut";
1107
- // this line takes advantage of our saved loginHint to logout right away, but requires additional cleanup logic
1108
- // https://aaddevsup.azurewebsites.net/2022/03/how-to-logout-of-an-oauth2-application-without-getting-prompted-to-select-a-user/
1109
- let tenantURL: string = "https://login.microsoftonline.com/common/oauth2/logout";
1110
- let url: URL = new URL(tenantURL);
1111
- url.searchParams.append("post_logout_redirect_uri", window.location.origin);
1112
- url.searchParams.append("logout_hint", user.loginHint);
1113
- window.location.assign(url.href);
1104
+ // set logout_hint in the .NET session for streamlined logout
1105
+ let userEndpoint: string = window.location.href;
1106
+ userEndpoint += "user";
1107
+ let url = new URL(userEndpoint);
1108
+ url.searchParams.append("oid", user.oid);
1109
+ url.searchParams.append("tid", user.tid);
1110
+ url.searchParams.append("loginHint", user.loginHint);
1111
+ url.searchParams.append("verb", "LOGOUT");
1112
+ let options = { method: "PATCH" };
1113
+ let userLogoutResponse: Response = await fetch(url.href, options);
1114
+ if (userLogoutResponse.status == 200 && userLogoutResponse.statusText == "OK") {
1115
+ console.log(`Successfully set admin ${user.mail} logout_hint`);
1116
+ }
1117
+ else {
1118
+ console.log(`Failed to set admin ${user.mail} logout_hint`);
1119
+ return;
1120
+ }
1121
+ // start the logout process triggering callbacks during logout
1122
+ // OnRedirectToIdentityProviderForSignOut - this is where we set the logout_hint for user we are trying to logout
1123
+ // OnSignedOutCallbackRedirect - called when the call sucessfully completes
1124
+ let signoutURL: string = window.location.href;
1125
+ signoutURL += "MicrosoftIdentity/Account/SignOut";
1126
+ window.location.assign(signoutURL);
1114
1127
  }
1115
1128
  //tenantRelationshipsGetByDomain - query AAD for associated company name and id
1116
1129
  export async function tenantRelationshipsGetByDomain(loggedInUser: User, tenant: Tenant, instance: IPublicClientApplication, debug: boolean): Promise<boolean> {
@@ -1174,8 +1187,8 @@ export async function tenantRelationshipsGetByDomain(loggedInUser: User, tenant:
1174
1187
  //tenantRelationshipsGetById - query AAD for associated company name and domain
1175
1188
  export async function tenantRelationshipsGetById(user: User, ii: InitInfo, instance: IPublicClientApplication, tasks: TaskArray, debug: boolean): Promise<boolean> {
1176
1189
  if (debug) debugger;
1177
- // do we already have a valid company name? if so, nothing to add, no need for UX to re-render
1178
- if (user.companyName != "") return false;
1190
+ // since we should mainly be called when a user has newly logged in, we can afford the performance hit of looking up the tenant name and domain again
1191
+ // if (user.companyName != "") return false;
1179
1192
  // if needed, retrieve and cache access token
1180
1193
  if (user.accessToken === "") {
1181
1194
  try {
@@ -1263,7 +1276,7 @@ export async function tenantUnauthenticatedLookup(tenant: Tenant, debug: boolean
1263
1276
  var authMatches = tenantAuthEndpoint.match(regexes[j]);
1264
1277
  tenant.tid = authMatches[2];
1265
1278
  tenant.authority = authMatches[1]; // USGov tenants are registered in WW with USGov authority values!
1266
- console.log("Successful GET from openid well-known endpoint");
1279
+ console.log(`Successful GET from openid well-known endpoint: tid: ${tenant.tid} authority: ${tenant.authority}`);
1267
1280
  return true; // success, need UX to re-render
1268
1281
  }
1269
1282
  else {
@@ -1363,12 +1376,12 @@ export async function initGet(instance: IPublicClientApplication, authorizedUser
1363
1376
  tenant.domain = user.tid;
1364
1377
  let bResult: boolean = await tenantUnauthenticatedLookup(tenant, debug);
1365
1378
  if (bResult) {
1366
- // success, we at least got authority as a new bit of information at this point
1379
+ // success, we now know instance of this tenant
1367
1380
  user.authority = tenant.authority;
1368
1381
  // do we have a logged in user from the same authority as this newly proposed tenant?
1369
1382
  let loggedInUser: User | undefined = ii.us.find((u: User) => (u.session === "Sign Out" && u.authority === user.authority));
1370
1383
  if (loggedInUser != null) {
1371
- // get tenant name and domain from AAD
1384
+ // get tenant name and domain from AAD to pass to Configuration API
1372
1385
  result.result = await tenantRelationshipsGetById(user, ii, instance, tasks, debug);
1373
1386
  // if this is the first time, we have just gotten tenant info, then we must POST user and not-yet-onboarded tenant to back end
1374
1387
  if (result.result) {
@@ -1387,7 +1400,7 @@ export async function initGet(instance: IPublicClientApplication, authorizedUser
1387
1400
  return result;
1388
1401
  }
1389
1402
  else {
1390
- result.error = `${user.mail} insufficient privileges to lookup under authority: ${user.authority}.`;
1403
+ result.error = `${user.mail} with insufficient privileges to lookup under authority: ${user.authority}.`;
1391
1404
  result.result = false;
1392
1405
  return result;
1393
1406
  }
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@mindline/sync",
3
3
  "type": "module",
4
- "version": "1.0.41",
4
+ "version": "1.0.43",
5
5
  "types": "index.d.ts",
6
6
  "exports": "./index.ts",
7
7
  "description": "sync is a node.js package encapsulating javscript classes required for configuring Mindline sync service.",
package/tasks.ts CHANGED
@@ -26,7 +26,7 @@ const data: any[] = [
26
26
  },
27
27
  {
28
28
  id: 4,
29
- task: "PUT access token",
29
+ task: "PUT tenant",
30
30
  start: "1970-01-01T00:00:00",
31
31
  end: "1970-01-01T00:00:00",
32
32
  expected: "0:01",