@mindline/sync 1.0.42 → 1.0.44

package/.vs/VSWorkspaceState.json

@@ -2,6 +2,5 @@
   "ExpandedNodes": [
     ""
   ],
-  "SelectedNode": "\\index.ts",
   "PreviewInSolutionExplorer": false
 }

package/index.d.ts

@@ -1,5 +1,4 @@
 import { IPublicClientApplication } from "@azure/msal-browser";
-
 declare module "@mindline/sync" {
     export function sum(a: number, b: number): number;
     export function helloNpm(): string;
@@ -10,6 +9,14 @@ declare module "@mindline/sync" {
         description: string;
     }
     // admin
+    export class UserScope {
+        group: string;
+        value: string;
+        consented: boolean;
+        expanded: string;
+        static compareByValue(a: UserScope, b: UserScope): number;
+        static compareByGroup(a: UserScope, b: UserScope): number;
+    }
     export class User {
         oid: string;  // from AAD ID token
         name: string; // from AAD ID token
@@ -26,7 +33,6 @@ declare module "@mindline/sync" {
         loginHint: string;
         scopes: string[];
         authTS: Date;
-        claimsprincipal: string; // claims principal cached at login to allow clearing cache at logout
         constructor();
     }
     // tenant (Azure AD tenant, AD domain, Google workspace)

package/index.ts

@@ -24,6 +24,18 @@ export class Group {
     displayName: string;
     description: string;
 }
+export class UserScope {
+    group: string;
+    value: string;
+    consented: boolean;
+    expanded: string;
+    static compareByValue(a: UserScope, b: UserScope): number {
+        return a.value.localeCompare(b.value);
+    }
+    static compareByGroup(a: UserScope, b: UserScope): number {
+        return a.group.localeCompare(b.group);
+    }
+}
 export class User {
     oid: string;
     name: string;
@@ -300,6 +312,7 @@ export class InitInfo {
 export type TaskType = "initialization" |
     "authenticate user" |
     "reload React" |
+    "PUT tenant" | 
     "GET tenant details" |
     "POST config init" |
     "GET workspaces" |
@@ -1093,8 +1106,7 @@ export function signInIncrementally(user: User, scope: string): void {
     tenantURL += "MicrosoftIdentity/Account/Challenge";
     let url: URL = new URL(tenantURL);
     url.searchParams.append("redirectUri", window.location.origin);
-    let scopes = scope;
-    url.searchParams.append("scope", scopes);
+    url.searchParams.append("scope", scope);
     url.searchParams.append("domainHint", "organizations");
     url.searchParams.append("loginHint", user.mail);
     window.location.assign(url.href);
@@ -1187,8 +1199,8 @@ export async function tenantRelationshipsGetByDomain(loggedInUser: User, tenant:
 //tenantRelationshipsGetById - query AAD for associated company name and domain
 export async function tenantRelationshipsGetById(user: User, ii: InitInfo, instance: IPublicClientApplication, tasks: TaskArray, debug: boolean): Promise<boolean> {
     if (debug) debugger;
-    // do we already have a valid company name? if so, nothing to add, no need for UX to re-render
-    if (user.companyName != "") return false;
+    // since we should mainly be called when a user has newly logged in, we can afford the performance hit of looking up the tenant name and domain again
+    // if (user.companyName != "") return false;
     // if needed, retrieve and cache access token
     if (user.accessToken === "") {
         try {
@@ -1276,7 +1288,7 @@ export async function tenantUnauthenticatedLookup(tenant: Tenant, debug: boolean
                     var authMatches = tenantAuthEndpoint.match(regexes[j]);
                     tenant.tid = authMatches[2];
                     tenant.authority = authMatches[1];  // USGov tenants are registered in WW with USGov authority values!
-                    console.log("Successful GET from openid well-known endpoint");
+                    console.log(`Successful GET from openid well-known endpoint: tid: ${tenant.tid} authority: ${tenant.authority}`);
                     return true;  // success, need UX to re-render
                 }
                 else {
@@ -1376,12 +1388,12 @@ export async function initGet(instance: IPublicClientApplication, authorizedUser
     tenant.domain = user.tid;
     let bResult: boolean = await tenantUnauthenticatedLookup(tenant, debug);
     if (bResult) {
-        // success, we at least got authority as a new bit of information at this point
+        // success, we now know instance of this tenant
         user.authority = tenant.authority;
         // do we have a logged in user from the same authority as this newly proposed tenant?
         let loggedInUser: User | undefined = ii.us.find((u: User) => (u.session === "Sign Out" && u.authority === user.authority));
         if (loggedInUser != null) {
-            // get tenant name and domain from AAD
+            // get tenant name and domain from AAD to pass to Configuration API
             result.result = await tenantRelationshipsGetById(user, ii, instance, tasks, debug);
             // if this is the first time, we have just gotten tenant info, then we must POST user and not-yet-onboarded tenant to back end
             if (result.result) {
@@ -1400,7 +1412,7 @@ export async function initGet(instance: IPublicClientApplication, authorizedUser
             return result;
         }
         else {
-            result.error = `${user.mail} insufficient privileges to lookup under authority: ${user.authority}.`;
+            result.error = `${user.mail} with insufficient privileges to lookup under authority: ${user.authority}.`;
             result.result = false;
             return result;
         }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@mindline/sync",
   "type": "module",
-  "version": "1.0.42",
+  "version": "1.0.44",
   "types": "index.d.ts",
   "exports": "./index.ts",
   "description": "sync is a node.js package encapsulating javscript classes required for configuring Mindline sync service.",