npm - @nibssplc/cams-sdk-react - Versions diffs - 0.0.1-beta.47 → 0.0.1-beta.49 - Mend

@nibssplc/cams-sdk-react 0.0.1-beta.47 → 0.0.1-beta.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/hooks/useCAMSMSALAuth.d.ts +2 -0
package/dist/index.cjs.js +16 -5
package/dist/index.cjs.js.map +1 -1
package/dist/index.esm.js +16 -5
package/dist/index.esm.js.map +1 -1
package/package.json +1 -1

package/dist/hooks/useCAMSMSALAuth.d.ts CHANGED Viewed

@@ -6,6 +6,8 @@ export interface UseCAMSMSALAuthOptions {
     scopes?: string[];
     mfaUrl?: string;
     prompt?: string;
+    messageOrigin?: string;
+    allowedOrigins?: string[];
 }
 export interface UseCAMSMSALAuthReturn {
     login: () => Promise<void>;

package/dist/index.cjs.js CHANGED Viewed

@@ -16821,7 +16821,13 @@ function useCAMSMSALAuth(options) {
                                 // Center the popup window
                                 var left = (window.screen.width - 500) / 2;
                                 var top_1 = (window.screen.height - 600) / 2;
-                                var authWindow_1 = window.open(options.mfaUrl, "_blank", "width=500,height=600,left=".concat(left, ",top=").concat(top_1, ",scrollbars=yes,resizable=yes"));
+                                camsSdk.Logger.info("source", {
+                                    origin: window.location.origin,
+                                    mfaUrl: options.mfaUrl,
+                                });
+                                var currentOrigin = window.location.origin;
+                                var mfaUrlWithOrigin = "".concat(options.mfaUrl, "?origin=").concat(encodeURIComponent(currentOrigin));
+                                var authWindow_1 = window.open(mfaUrlWithOrigin, "_blank", "width=500,height=600,left=".concat(left, ",top=").concat(top_1, ",scrollbars=yes,resizable=yes"));
                                 if (!authWindow_1) {
                                     camsSdk.Logger.error("Popup window blocked");
                                     throw new camsSdk.CAMSError(camsSdk.CAMSErrorType.POPUP_BLOCKED, "Popup blocked by browser. Please allow popups and try again.");
@@ -16831,7 +16837,7 @@ function useCAMSMSALAuth(options) {
                                     throw new camsSdk.CAMSError(camsSdk.CAMSErrorType.POPUP_BLOCKED, "Popup blocked by browser. Please allow popups and try again.");
                                 }
                                 var cleanup_1 = function () {
-                                    window.removeEventListener('message', listener_1);
+                                    window.removeEventListener("message", listener_1);
                                     clearInterval(checkClosed_1);
                                 };
                                 var cleanupAndClose_1 = function (error) {
@@ -16851,13 +16857,18 @@ function useCAMSMSALAuth(options) {
                                 var listener_1 = function (event) {
                                     if (event.source !== authWindow_1)
                                         return;
+                                    var allowedOrigins = options.allowedOrigins || [
+                                        options.messageOrigin || new URL(options.mfaUrl || "").origin
+                                    ].filter(Boolean);
+                                    if (allowedOrigins.length > 0 && !allowedOrigins.includes(event.origin))
+                                        return;
                                     var tokenMsg = camsSdk.ProfileSchema.safeParse(event.data);
                                     if (tokenMsg.success) {
                                         localStorage.setItem(storageKey, JSON.stringify({
                                             isAuthenticated: true,
                                             accessToken: response.accessToken,
                                             idToken: response.idToken,
-                                            appCode: ''
+                                            appCode: "",
                                         }));
                                         cleanupAndClose_1();
                                         return;
@@ -16872,10 +16883,10 @@ function useCAMSMSALAuth(options) {
                                         cleanupAndClose_1(new camsSdk.CAMSError(camsSdk.CAMSErrorType.USER_CANCELLED, errorMsg.data.error));
                                     }
                                 };
-                                window.addEventListener('message', listener_1);
+                                window.addEventListener("message", listener_1);
                                 var checkClosed_1 = setInterval(function () {
                                     if (authWindow_1.closed) {
-                                        cleanupAndClose_1(new camsSdk.CAMSError(camsSdk.CAMSErrorType.USER_CANCELLED, 'Authentication cancelled'));
+                                        cleanupAndClose_1(new camsSdk.CAMSError(camsSdk.CAMSErrorType.USER_CANCELLED, "Authentication cancelled"));
                                     }
                                 }, 1000);
                                 (_a = options.onAuthSuccess) === null || _a === void 0 ? void 0 : _a.call(options, response.accessToken);